Item2520: Reading form field values from topic happens with tainted topic name
Current State: Closed
Released In: 1.0.9
Target Release: patch
Applies To: Engine
Editing a topic with a form where the form has e.g. a select with values defined in a topic.
This causes a taint error if taint asserts are enabled (developer thing).
It turns out the reading of the topic name from the form results in a tainted topic name.
However, at some point we normalize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.
This means that we can untaint the variable.
I am checking this in.
- 22 Dec 2009
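
The reasoning in this report (normalize the name, confirm the topic exists, then untaint) can be sketched in Perl taint mode as follows. This is an added example, not the code that was checked in for this item. The helper `untaint_topic_name`, the `%EXISTING` table and the name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl   (taint mode must be on for the demo to mean anything)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for the topic store; a real engine would query its store.
my %EXISTING = map { $_ => 1 } qw(Main.ColourList Main.WebHome);

# Hypothetical helper: normalise "Web/Topic" or "Topic" to "Web.Topic",
# validate the characters, confirm the topic exists, and only then hand
# back an untainted name. Returns undef when any step fails.
sub untaint_topic_name {
    my ( $default_web, $raw ) = @_;
    return unless defined $raw;

    ( my $name = $raw ) =~ s{/}{.}g;    # accept Web/Topic as Web.Topic
    $name = "$default_web.$name" unless $name =~ /\./;

    # A regex capture is what clears the taint flag, so the pattern has to
    # be strict: anchored, no path separators, no "..", no metacharacters.
    my ( $web, $topic ) =
      $name =~ /\A([A-Z][A-Za-z0-9]*)\.([A-Z][A-Za-z0-9]*)\z/
      or return;

    # Existence check: the value must also name something the store knows.
    return unless $EXISTING{"$web.$topic"};
    return "$web.$topic";
}

# substr($^X, 0, 0) is a zero-length tainted string under -T; appending it
# makes each constructed sample behave like a value read from a form field.
my $TAINT = substr( $^X, 0, 0 );

for my $field ( 'ColourList', 'Main/WebHome', '../../etc/passwd', 'Main.NoSuchTopic' ) {
    my $raw  = $field . $TAINT;
    my $safe = untaint_topic_name( 'Main', $raw );
    my $out  = defined $safe
      ? "$safe (tainted=" . ( tainted($safe) ? 1 : 0 ) . ")"
      : 'rejected';
    printf "%-18s tainted_in=%d => %s\n", $field, ( tainted($raw) ? 1 : 0 ), $out;
}
```

The existence check on its own does not clear Perl's taint flag; only the capture from the anchored pattern does, which is why both steps appear together before the name is returned.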