[PATCH] 30 Escape parameter values in search filter. - Pki-devel - Dogtag Pki List Archives

2025

January

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[PATCH] 30 Escape parameter values in search filter.

Announcing 'Dogtag 10.0.0 (Alpha)'

[PATCH]...

Endi Sukma Dewata

Wednesday, 14 March 2012 Wed, 14 Mar '12

1:09 p.m.

The REST interface was vulnerable to injection attack. This has been fixed by escaping the special characters in parameter values before using them in the search filter. Ticket #96 -- Endi S. Dewata

Attachments:

pki-edewata-0030-Escape-parameter-values-in-search-filter.patch (text/x-patch — 4.7 KB)

Reply

Show replies by date

Endi Sukma Dewata

Wednesday, 14 March Wed, 14 Mar

2:48 p.m.

On 3/14/2012 1:09 PM, Endi Sukma Dewata wrote:

The REST interface was vulnerable to injection attack. This has been fixed by escaping the special characters in parameter values before using them in the search filter. Ticket #96

ACKed by Ade. I added some clarification in the code. Pushed to master. -- Endi S. Dewata

Reply

4678

days inactive

4678

days old

devel@lists.dogtagpki.org

Manage subscription

1 comments

1 participants

tags (0)

participants (1)

Endi Sukma Dewata