bypass_validation opens security hole
-------------------------------------
Key: CLK-726
URL: https://issues.apache.org/jira/browse/CLK-726
Project: Click
Issue Type: Bug
Components: core
Reporter: Moritz Kammerer
An attacker can easily bypass form validation by setting the hidden field
"bypass_validation" to true. A call to form.isValid() returns true though the
validators have not been run. If the software relies on the form validators,
its easy to get "evil" data in the application.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
