• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item5645: raw=debug creates security issue
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | view | Urgent | No Action Required | major |
Edit Form Data
Detail
The User-Topics contain personal data like email address. These personal data are protected from the view of other users by storing them in the META data. They are supposed to be viewed and changed with the UserForm only by the user to whom they belong. But by simply adding the parameter "?raw=debug" to the URL when viewing a User Topic reveals the META data. This means that a robot can retrieve email addresses and other personal data of all users for SPAM and other nasty purposes.
-- TWiki:Main/MartinMayer
- 21 May 2008
The email is only visible if the user has written it in the user topic. The email address entered at registration is not displayed nor stored in the user topic.
-- TWiki:Main/ArthurClemens - 21 May 2008
- 21 May 2008
The email is only visible if the user has written it in the user topic. The email address entered at registration is not displayed nor stored in the user topic.
-- TWiki:Main/ArthurClemens - 21 May 2008
| ItemTemplate | |
|---|---|
| Summary | raw=debug creates security issue |
| ReportedBy |
TWiki:Main.MartinMayer
|
| Codebase | 4.2.0 |
| SVN Range | TWiki-5.0.0, Sun, 04 May 2008, build 16770 |
| AppliesTo | Engine |
| Component | view |
| Priority | Urgent |
| CurrentState | No Action Required |
| WaitingFor | |
| Checkins | |
| TargetRelease | major |
| ReleasedIn | |
Edit | Attach | Raw edit | More topic actionsTopic revision: r2 - 2008-05-21 - ArthurClemens
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback