• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5645: raw=debug creates security issue

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine view Urgent No Action Required   major  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


The User-Topics contain personal data like email address. These personal data are protected from the view of other users by storing them in the META data. They are supposed to be viewed and changed with the UserForm only by the user to whom they belong. But by simply adding the parameter "?raw=debug" to the URL when viewing a User Topic reveals the META data. This means that a robot can retrieve email addresses and other personal data of all users for SPAM and other nasty purposes.

-- TWiki:Main/MartinMayer - 21 May 2008

The email is only visible if the user has written it in the user topic. The email address entered at registration is not displayed nor stored in the user topic.

-- TWiki:Main/ArthurClemens - 21 May 2008

Summary raw=debug creates security issue
ReportedBy TWiki:Main.MartinMayer
Codebase 4.2.0
SVN Range TWiki-5.0.0, Sun, 04 May 2008, build 16770
AppliesTo Engine
Component view
Priority Urgent
CurrentState No Action Required


TargetRelease major

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r2 - 2008-05-21 - ArthurClemens
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback