Item528: Code validation is weak in places
Priority: Urgent
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component:
Branches:
There are a couple of places in the core code where validation is weak.
Details available from a security team member on production of two valid forms of ID and a DNA test.
--
CrawfordCurrie - 20 Dec 2008
Would appreciate a review.
--
CrawfordCurrie - 21 Dec 2008
Enough; validation is much, much better now. New bugs must be treated as such.
C.
Reviewed some, and struggled with distro:1a8232525df8 for a long time before coming to the conclusion that defusing isn't needed, and it has never been a security issue as Perl won't allow this, unless one uses re 'eval'.
I've fixed the unit test, as your badpattern was failing, and the test was wrong indeed, and I've added a bunch just to ensure we're not breaking basic things with the validatePattern. These tests might not be best in the Fn_SEARCH but they were so closely related to your badpattern that I felt it was best to put them there.
--
OlivierRaginel - 31 Dec 2008
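
The Perl behaviour referred to in the comment above, as an added example that is not part of the original item or of the project's code: a pattern interpolated at run time is refused if it contains a code block, as long as `use re 'eval'` is not in scope. The helper name `check_pattern` and the sample patterns are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not the project's validatePattern): compile an
# untrusted pattern with no "use re 'eval'" in scope and report why Perl
# refused it, instead of letting the exception reach the caller.
sub check_pattern {
    my ($pattern) = @_;
    my $re = eval { qr/$pattern/ };
    return ( $re, undef ) if defined $re;

    my $why = $@;
    $why =~ s/ at \S+ line \d+.*//s;    # drop the file/line suffix
    return ( undef, $why );
}

# Flag that an embedded code block would set if Perl ever ran it.
our $side_effect = 0;

# Constructed sample inputs, single-quoted so nothing is interpolated here.
my @samples = (
    'foo.*bar',                         # ordinary search pattern
    '(?{ $main::side_effect = 1 })',    # embedded code block
    '(??{ "a" })',                      # postponed (code-generated) subpattern
    'unbalanced(',                      # syntactically bad pattern
);

for my $p (@samples) {
    my ( $re, $why ) = check_pattern($p);
    printf "%-32s %s\n", $p, defined $re ? 'accepted' : "rejected: $why";
}

# The flag stays 0: the code blocks were rejected at compile time, never run.
print "side_effect = $side_effect\n";
```

Wrapping the compile in `eval { }` also catches the syntactically bad pattern, so a malformed search term produces an error message rather than an uncaught exception.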