[Freeipa-devel] [PATCH] remove auto-wildcard and list users
Rob Crittenden
rcritten at redhat.com
Mon Aug 20 20:44:00 UTC 2007
Simo Sorce wrote:
> On Mon, 2007-08-20 at 13:17 -0700, Kevin McCarthy wrote:
>> if uid != None and len(uid) > 0:
>> - users = client.find_users("*%s*" % uid)
>> + users = client.find_users(uid)
>
> problem here is that you are taking user input and passing it
> unmodified, this is a big RED WARNING. We need to validate input for
> anything we get in.
>
Kevin, if you use a field validator then you should be able restrict the
data type at the TurboGears level.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070820/1451e57c/attachment.bin>
More information about the Freeipa-devel
mailing list