click-dev mailing list archives

From "Moritz Kammerer (JIRA)" <>
Subject [jira] Created: (CLK-726) bypass_validation opens security hole
Date Wed, 03 Nov 2010 22:29:24 GMT
bypass_validation opens security hole

                 Key: CLK-726
             Project: Click
          Issue Type: Bug
          Components: core
            Reporter: Moritz Kammerer

An attacker can easily bypass form validation by setting the hidden field "bypass_validation"
to true. A call to form.isValid() returns true though the validators have not been run. If
the software relies on the form validators, it's easy to get "evil" data into the application.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
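
The flaw described in the report, as a stand-alone model added here for illustration; it is not Click's code or the reporter's. Only the hidden-field name `bypass_validation` and `isValid()` come from the report; the `Form` class, the `age` field, and the `serverAllowsBypass` parameter are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Predicate;

// Stand-alone model of the flaw in CLK-726; this is NOT Click's Form class.
public class BypassValidationDemo {

    // Hypothetical minimal form: one field ("age") with one validator.
    static class Form {
        private final boolean trustClientBypass; // true = behaviour described in the report
        private final Predicate<String> ageValidator =
            v -> v != null && v.matches("\\d{1,3}");
        private String error;                    // null means "no error recorded"

        Form(boolean trustClientBypass) { this.trustClientBypass = trustClientBypass; }

        // serverAllowsBypass is decided by server code (for example a Cancel
        // handler) and is never read from the request.
        void process(Map<String, String> params, boolean serverAllowsBypass) {
            error = null;
            boolean clientFlag = "true".equals(params.get("bypass_validation"));
            boolean skip = trustClientBypass ? clientFlag : serverAllowsBypass;
            if (!skip && !ageValidator.test(params.get("age"))) {
                error = "age must be a number";
            }
        }

        // "Valid" only means no error was recorded, so skipped validators look valid.
        boolean isValid() { return error == null; }
    }

    static boolean submit(boolean trustClientBypass, Map<String, String> params) {
        Form form = new Form(trustClientBypass);
        form.process(params, false); // the server did not ask for a bypass
        return form.isValid();
    }

    public static void main(String[] args) {
        // Constructed request: invalid "age" plus the hidden field set by the client.
        Map<String, String> req = new HashMap<>();
        req.put("age", "not-a-number");
        req.put("bypass_validation", "true");

        System.out.println("trusting client flag: isValid = " + submit(true, req));
        System.out.println("ignoring client flag: isValid = " + submit(false, req));
    }
}
```

The same request passes when the form honours the client-supplied flag and is rejected when the skip decision is made only on the server.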