Changes between Initial Version and Version 1 of Ticket #13585, comment 3


Ignore:
Timestamp:
Aug 19, 2019, 4:22:11 AM (3 years ago)
Author:
Ryan J Ollos
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #13585, comment 3

    initial v1  
    22> I consider we should prevent to use tainted data, e.g. `req.args`, for key of `req.session`.
    33
    4 It looks like the value are stored in the session and the deleted after the redirect: [trac:source:plugins/1.2/spam-filter/tracspamfilter/captcha/api.py@15250:188-199#L163]. So we can just send the arguments on redirect and avoid storing in the session?
     4It looks like the args are stored in the session and then deleted after the redirect: [trac:source:plugins/1.2/spam-filter/tracspamfilter/captcha/api.py@15250:188-199#L163]. So we can just send the arguments on redirect and avoid storing in the session?