Tags:
create new tag
view all tags

SID-00476: origurl, unvalidated hidden form field on the login page?

Status: Unanswered Unanswered TWiki version: 4.2.0 Perl version:
Category: CategorySecurity Server OS: Solaris Last update: 16 years ago

I am running TWIki4.2 and was wondering has anyone else had a problem with the origurl hidden form field on the login page being unvalidated? Has this been corrected in any of the newer releases, i haven't seen any information about it anywhere? We get tested for vunerabilities (XSS was the main one in this case) and need to know if this can be fixed.

-- JohnAllen4 - 2009-08-11

Discussion and Answer

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2009-10-02

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Unanswered
Title origurl, unvalidated hidden form field on the login page?
SupportCategory CategorySecurity
TWiki version 4.2.0
Server OS Solaris
Web server Apache
Perl version

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2009-10-02 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.