[Catalyst] Input/Parameter Checks

Ashley Pond V apv at sedition.com
Thu Dec 13 23:09:15 GMT 2007


On a tangent: there is still a bug in C::E::CGI for path handling
that can crash an app and potentially expose debug info depending on
one's setup. I reported it first in September 2006 and tried sending
in a patch with a test a few months ago. If it's okay, maybe I can have
the fix in for Christmas!

  http://lists.scsys.co.uk/pipermail/catalyst/2007-July/014578.html

-Ashley

On Dec 13, 2007, at 2:52 PM, Ash Berlin wrote:

>
> On 13 Dec 2007, at 22:36, Mesdaq, Ali wrote:
>
>> There is also input via URL, which is actually a little more worrisome
>> than form input. I wonder if there is a possible way the Catalyst
>> dispatch internals can be exploited in this manner. Maybe that's an
>> area that's already been reviewed, but just mentioning it to throw it
>> out there.
>>
>
> $c->req->parameters includes query arguments and body/form
> parameters, so is there some other issue?