
Forum OpenACS Q&A: Re: Security hole in ad_form (may change behavior of ad_form to fix!)


Congrats Jade, and then a plea...

Can someone explain this in terms us mortals might understand?

What does it really take to allow a user to break ad_form?

If, for instance, I display their name in a form, is there any way that their claiming to be "Joe [rm -rf /] Random" will get executed?

I don't really understand what Lars' changes are, but prior to the bug-fix -- yes, this is exactly what would happen: you would delete your hard disk, say, when you look at a form that lists all the users in a select list using ad_form.