Item2520: Reading form field values from topic happens with tainted topic name

Priority: Normal
CurrentState: Closed
AppliesTo: Engine
Component:
WaitingFor:

Editing a topic with a form where the form has e.g. a select with values defined in a topic.

This causes a taint error if taint asserts are enabled (developer thing).

It turns out the reading of the topic name from the form results in a tainted topic name.

However, at some point we normalize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.

This means that we can untaint the variable.

I am checking this in.

-- KennethLavrsen - 22 Dec 2009
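The pattern discussed in this report (normalise the web/topic name, validate it, confirm the topic exists, then untaint) can be sketched in Perl taint mode as follows. This is an added example, not Foswiki's code: `untaint_web_topic`, the `%EXISTING` topic list and the sample inputs are constructed for illustration. It also shows that an existence check by itself does not clear Perl's taint flag; only the regex capture does, so the pattern has to be a strict allow-list.

```perl
# Run as: perl -T untaint_topic.pl   (taint mode must be on to see the effect)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for the topic store; a real engine would ask its store.
my %EXISTING = map { $_ => 1 } qw(Main.ColourOptions Sandbox.TestTopic);

# Hypothetical helper, not Foswiki's API: normalise "Web.Topic", validate it
# against a strict allow-list pattern, confirm the topic exists, and only then
# return untainted values. Returns an empty list on any failure.
sub untaint_web_topic {
    my ( $name, $default_web ) = @_;
    return unless defined $name;
    $name =~ tr{/}{.};    # normalise Web/Topic to Web.Topic

    # Only a regex capture clears the taint flag, so the pattern is the check:
    # explicit ASCII classes, anchored with \A and \z, no path separators.
    my ( $web, $topic ) =
      $name =~ /\A(?:([A-Za-z][A-Za-z0-9_]*)\.)?([A-Za-z][A-Za-z0-9_]*)\z/
      or return;
    $web = $default_web unless defined $web;

    # Existence check on the normalised name (hash lookups accept tainted keys,
    # which is why this step alone would not untaint anything).
    return unless $EXISTING{"$web.$topic"};
    return ( $web, $topic );
}

# Constructed inputs. substr($^X, 0, 0) is an empty but tainted string under
# -T, so appending it taints each sample the way a form parameter would be.
my $taint   = substr( $^X, 0, 0 );
my @samples = (
    'ColourOptions',      'Sandbox/TestTopic',
    '../../etc/passwd',   'Main.NoSuchTopic',
    "Main.ColourOptions\n",    # trailing newline: rejected because of \z
);

for my $raw (@samples) {
    my $input = $raw . $taint;
    ( my $shown = $raw ) =~ s/\n/\\n/g;
    my ( $web, $topic ) = untaint_web_topic( $input, 'Main' );
    if ( defined $topic ) {
        printf "%-22s input tainted=%s -> %s.%s tainted=%s\n", $shown,
          ( tainted($input) ? 'yes' : 'no' ), $web, $topic,
          ( tainted($topic) ? 'yes' : 'no' );
    }
    else {
        printf "%-22s input tainted=%s -> rejected\n", $shown,
          ( tainted($input) ? 'yes' : 'no' );
    }
}
```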

ItemTemplate

Summary Reading form field values from topic happens with tainted topic name
ReportedBy KennethLavrsen
Codebase 1.0.8
SVN Range
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins Foswikirev:5847 Foswikirev:5848
TargetRelease patch
ReleasedIn 1.0.9
Topic revision: r4 - 17 Jan 2010, PaulHarvey
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See CopyrightStatement.