Fisheye: changeset 12229

Alex

committed

12229

on 08 Aug 09

1. Fixes #0000209: Escape and Limit all Environment variables passed in GET.
2. We already escape anything, that goes from request to databa… Show more

1. Fixes #0000209: Escape and Limit all Environment variables passed in GET.

2. We already escape anything, that goes from request to database queries to prevent sql injections.

3. Add check for "../" (prevents going outside In-Portal directory) and for whitespace like symbols (makes sure, that ".tpl" is always added at the end of template name) in template names.

INP-172

Show less

12228

5.0.x

Options

Atlassian Fisheye Subversion analysis (Version:4.6.1 Build:20181008080545 2018-10-08) - Administration - Page generated 2024-05-15 15:11 -0500

Fisheye (Server) Unlimited Users: Open Source License License registered to In-Portal Open Source.

Version 4.8.13 is available. Note: you will need to extend the maintenance on your license to take advantage of this upgrade.