This is an automated notification sent by LCG Savannah.
It relates to:
task #12707, project CDS Invenio
==============================================================================
OVERVIEW of task #12707:
==============================================================================
URL:
<http://savannah.cern.ch/task/?12707>
Summary: BibKnowledge: argument sanity checking
Project: CDS Invenio
Submitted by: simko
Submitted on: 2009-11-24 09:24
Should Start On: 2009-11-24 00:00
Should be Finished on: 2009-11-24 00:00
Category: BibKnowledge
Priority: 5 - Normal
Status: None
Privacy: Public
Percent Complete: 0%
Assigned to: man
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
1) The argument sanity checking should be checked and improved. Three
examples:
E.g. when I try to upload a KBD without specifying a file, the system
accepts it and responds ``File kbfiles/5.rdf uploaded.''
E.g. when I add a new KB with `<plaintext>' for description, the /kb
overview page display gets broken, since values are not cgi.escape'ed.
E.g. try to search for `<plaintext>', or for `alert("xss");</script>'.
2) While washing the arguments, the navtrails should also be
updated, since it is not homogeneous on all pages (e.g. it gets false
after you add a KBD).
_______________________________________________________
Message sent via/by LCG Savannah
http://savannah.cern.ch/
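
The three cases from the task description handled in one place, as an added example that is not part of the original notification and is not Invenio's code. The function names, the URL layout and the sample values are assumptions, and `html.escape` stands in for the `cgi.escape` call the ticket mentions (that function was removed in Python 3.8).

```python
import html


class UploadError(ValueError):
    """Raised when an upload request carries no usable file."""


def validate_kb_upload(filename, content):
    """Reject the 'upload without a file' case before anything is stored."""
    if not filename or not filename.strip():
        raise UploadError("no file was selected")
    if not content:
        raise UploadError("uploaded file is empty")
    return filename.strip()


def render_kb_row(kb_id, name, description):
    """Build one overview table row with every user-supplied value escaped."""
    # Hypothetical URL layout; int() refuses a non-numeric id outright.
    href = "/kb?kb=%d" % int(kb_id)
    return '<tr><td><a href="%s">%s</a></td><td>%s</td></tr>' % (
        href,
        html.escape(name, quote=True),
        html.escape(description, quote=True),
    )


def render_search_echo(query):
    """Echo a search term into both an attribute and element text."""
    # quote=True also encodes " and ', which matters inside value="...".
    safe = html.escape(query, quote=True)
    return '<input name="search" value="%s"> Results for <b>%s</b>' % (safe, safe)


if __name__ == "__main__":
    # Constructed inputs taken from the examples in the task text.
    print(render_kb_row(5, "journals", "<plaintext>"))
    print(render_search_echo('alert("xss");</script>'))
    try:
        validate_kb_upload("", b"")
    except UploadError as exc:
        print("upload rejected:", exc)
```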