[Freeipa-devel] [PATCH] remove auto-wildcard and list users
Simo Sorce
ssorce at redhat.com
Mon Aug 20 20:28:20 UTC 2007
On Mon, 2007-08-20 at 13:17 -0700, Kevin McCarthy wrote:
> if uid != None and len(uid) > 0:
> - users = client.find_users("*%s*" % uid)
> + users = client.find_users(uid)
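Review bot: The added line `users = client.find_users(uid)` passes `uid` through with no validation beyond the `uid != None and len(uid) > 0` guard above it, so whatever the user typed reaches the search call as-is, including any `*` characters now that the fixed `"*%s*"` wrapper is gone. I cannot see from this hunk how `find_users` builds its query; if it places the value into an LDAP filter, special characters in `uid` need to be escaped or rejected before the call, either here or inside `find_users`, and an upper length limit would be worth adding alongside the existing empty check. The change from substring matching to whatever `find_users` does with a bare value should also be documented for callers.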
The problem here is that you are taking user input and passing it
unmodified; this is a big RED WARNING. We need to validate input for
anything we get in.
Simo.