Closed Bug 686374 Opened 14 years ago Closed 14 years ago

Possible security issue with ExtendedURLField

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

4.2

People

(Reporter: davedash, Unassigned)

Details

(Whiteboard: [upstream][qa-])

Dave Dash [:davedash, :dd] (assign all bugs to mbrandt)

Reporter

Description

•

14 years ago

Check that verifies_true=False in usage of ExtendedURLField.

Dave Dash [:davedash, :dd] (assign all bugs to mbrandt)

Reporter

Comment 1

•

14 years ago

Sorry it should be: verify_exists=False

Dave Dash [:davedash, :dd] (assign all bugs to mbrandt)

Reporter

Comment 2

•

14 years ago

I'm lazily blocked on James Bennet's patches to the 1.3x (and presumably 1.4x) branches... If there's a rush on this, I can manually change things and revert Input to 1.3. But I don't think there is a rush.

Whiteboard: [upstream]

Dave Dash [:davedash, :dd] (assign all bugs to mbrandt)

Reporter

Comment 3

•

14 years ago

These got fixed.

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → FIXED

Stephen Donner [:stephend] Not actively reading bugmail

Updated

•

14 years ago

Whiteboard: [upstream] → [upstream][qa-]

Nobody; OK to take it and work on it

Assignee

Updated

•

9 years ago

Product: Input → Input Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Possible security issue with ExtendedURLField

Categories

(Input Graveyard :: Code Quality, defect)

Tracking

(Not tracked)

People

(Reporter: davedash, Unassigned)

References

Details

(Whiteboard: [upstream][qa-])

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated

Updated