projects / ikiwiki / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d8943d8) | patch
Make sure we do not pass multiple CGI parameters in function calls
authorSimon McVittie <smcv@debian.org>
Sat, 11 Oct 2014 08:28:22 +0000 (09:28 +0100)
committerSimon McVittie <smcv@debian.org>
Thu, 16 Oct 2014 21:24:47 +0000 (22:24 +0100)
commitf4ec7b06d97c8406c5f5be7332ead2f28c271371
treee4c49055cbf2268321cbd79f13c8eb9762336096tree | snapshot
parentd8943d8668d2489b78d9c7c2abdad9f71d193724commit | diff
Make sure we do not pass multiple CGI parameters in function calls

When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.

I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.
IkiWiki/Plugin/attachment.pm diff | blob | blame | history
IkiWiki/Plugin/goto.pm diff | blob | blame | history
IkiWiki/Plugin/inline.pm diff | blob | blame | history
IkiWiki/Plugin/openid.pm diff | blob | blame | history
IkiWiki/Plugin/poll.pm diff | blob | blame | history
IkiWiki/Plugin/rename.pm diff | blob | blame | history
Ikiwiki patches