Update of bugs #2018 (project savane):
Priority: A - Later => C - Normal
Status: None => Confirmed
_______________________________________________________
Follow-up Comment #1:
Weird. We should probably check that the relevant forms remove \n
appropriately.
(we could do that in the backend but we'll have to do it anyway in the forms,
to keep safe content in the database).
That said, I do not think a maliciously forged name could make the backend
running arbitrary commands (we use system(command, @args); I think, so it
should be safe even if @arg contains crap).
_______________________________________________________
This item URL is:
<http://gna.org/bugs/?func=detailitem&item_id=2018>
_______________________________________________
Message post� via/par Gna!
http://gna.org/
_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
