Item528: Code validation is weak in places

Priority: Urgent
CurrentState: Closed
AppliesTo: Engine
Component:
WaitingFor:

There are a couple of places in the core code where validation is weak.

Details available from a security team member on production of two valid forms of ID and a DNA test.

-- CrawfordCurrie - 20 Dec 2008

Would appreciate a review.

-- CrawfordCurrie - 21 Dec 2008

Enough; validation is much, much better now. New bugs must be treated as such.

C.

Reviewed some, and struggled with Foswikirev:1551 for a long time before coming to the conclusion that defusing isn't needed, and it has never been a security issue as Perl won't allow this, unless one uses re 'eval'.

I've fixed the unit test, as your badpattern was failing, and the test was wrong indeed, and I've added a bunch just to ensure we're not breaking basic things with the validatePattern. These tests might not be best in the Fn_SEARCH but they were so closely related to your badpattern that I felt it was best to put them there.

-- OlivierRaginel - 31 Dec 2008
Topic revision: r18 - 22 Feb 2009, KennethLavrsen
 