• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6136: User input is passed to the perl "eval" command without first being sanitized.

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Urgent Closed   n/a 4.2.4, 5.0.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

User input is passed to the perl "eval" command without first being sanitized in Time.pm module.

  • Thanks Peter Allor for raising this issue.
  • Thanks Crawford for providing patch to this issue.

-- TWiki:Main/SopanShewale - 01 Dec 2008

Closing After Security Announcements and Release 4.2.4

-- SopanShewale - 11 Dec 2008

ItemTemplate
Summary User input is passed to the perl "eval" command without first being sanitized.
ReportedBy TWiki:Main.SopanShewale
Codebase 4.2.2
SVN Range TWiki-5.0.0, Wed, 22 Oct 2008, build 17677
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins TWikirev:17741 TWikirev:17742
TargetRelease n/a
ReleasedIn 4.2.4, 5.0.0
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r3 - 2008-12-11 - SopanShewale
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback