Modify ↓
Opened 16 years ago
Closed 16 years ago
#6781 closed defect (fixed)
Unchecked input on user prefs
| Reported by: | Owned by: | Christian Boos | |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.11 |
| Component: | general | Version: | 0.11b1 |
| Severity: | trivial | Keywords: | |
| Cc: | trac-ja@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
A user can register broken data into database and Service denied for the user.
- Open
Preferences,Keyboard shortcuts. - Change parameter
accesskeys's value1toXXXby DOM-Inspector. - Push
Save changes.
This problem is happend when user is logged in.
Attachments (1)
Change History (3)
by , 16 years ago
| Attachment: | Trac-0.11b1_inputcheckpref_r382.patch added |
|---|
comment:1 by , 16 years ago
| Owner: | changed from to |
|---|---|
| Severity: | normal → trivial |
comment:2 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Patch applied in [6578].
I was not entirely convinced of its usefulness, but as we do a brute force int(session.get('accesskeys', 0)) in a sensitive part of the code, better secure this by normalizing what we write in the session data in the first place.
Note:
See TracTickets
for help on using tickets.
patch againsts Trac-0.11b1