Item528: Code validation is weak in places
There are a couple of places in the core code where validation is weak.
Details available from a security team member on production of two valid forms of ID and a DNA test.
- 20 Dec 2008
Would appreciate a review.
- 21 Dec 2008
Enough; validation is much, much better now. New bugs must be treated as such.
Reviewed some, and struggled with Foswikirev:1551 for a long time before coming to the conclusion that defusing isn't needed, and it has never been a security issue as perl won't allow this, unless one uses re 'eval'.
I've fixed the unit test, as your badpattern was failing, and the test was wrong indeed, and I've added a bunch just to ensure we're not breaking basic things with the validatePattern. These tests might not be best in the Fn_SEARCH but they were so closely related to your badpattern that I felt it was best to put them there.
- 31 Dec 2008
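The Perl behaviour referred to in the last comment can be observed directly. The script below is an added example, not Foswiki code and not part of the original discussion: it interpolates constructed pattern strings into a match without `use re 'eval'` in scope and reports which ones Perl refuses to compile. The helper `try_match`, the variable `$ran` and the sample patterns are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs standing in for user-supplied search patterns.
my @patterns = (
    'foo.*bar',                 # ordinary pattern, no code block
    '(?{ $main::ran = 1 })',    # embedded code block
    '(??{ "a" })',              # postponed-regex code block
);

# Flag the embedded code block would set if Perl ever ran it.
our $ran = 0;

# try_match is a hypothetical helper, not a Foswiki function.
# It interpolates an untrusted string into a regex at run time and
# traps the exception Perl raises for code blocks when
# "use re 'eval'" is not in effect in the enclosing scope.
sub try_match {
    my ($pattern, $text) = @_;
    my $matched = eval { $text =~ /$pattern/ ? 1 : 0 };
    return defined $matched
        ? ('ok', "matched=$matched")
        : ('rejected', $@);
}

for my $p (@patterns) {
    my ($status, $detail) = try_match($p, 'foo and bar');
    $detail =~ s/\s+\z//;    # strip the trailing newline from $@
    print "$p => $status: $detail\n";
}

# Confirms whether the code inside the (?{ ... }) block was executed.
print 'code block executed: ', ($ran ? 'yes' : 'no'), "\n";
```

The refusal depends on scope: the same interpolation inside a block where `use re 'eval'` is active compiles the code blocks, so a review of pattern handling should also look for that pragma in the calling code.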