Item11322: sandbox untaint seems to have no tests, and I just found something that I reckon is broken
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Tasks.Item11321 made me look at inputting bad values
<SvenDowideit> Foswiki::Sandbox::untaint( $web, \&Foswiki::Sandbox::validateWebName );
<FoswikiBot> http://trunk.foswiki.org/System/PerlDoc?module=Foswiki::Sandbox [ (Foswiki login) PerlDoc ]
<SvenDowideit> also has no unit tests
<SvenDowideit> and validateTopicName passes '/.Something'
<SvenDowideit> returning '/Something'
# Set the requestedWebName before applying defaults - used by statistics
# generation. Note: This is validated using Topic name rules to permit
# names beginning with lower case.
$this->{requestedWebName} =
  Foswiki::Sandbox::untaint( $web, \&Foswiki::Sandbox::validateTopicName );
# Validate web name from path info
$this->{webName} =
  Foswiki::Sandbox::untaint( $web, \&Foswiki::Sandbox::validateWebName );
with
# - Invalid web name - Tasks.Item11321
$this->urltest( '/.Main/WebPreferences', '', 'WebPreferences' );
$this->{requestedWebName} becomes '/Main';
$this->{webName} = undef
--
SvenDowideit - 02 Dec 2011
which made me want to read the unit tests for untaint - and I didn't find them
--
SvenDowideit - 02 Dec 2011
The behaviour described is correct for web name validation -
/.
is equivalent to
//
which is equivalent to
/
in web names.
While some unit tests would be nice, that's all they'd be IMHO. No action, for pollution control.
--
CrawfordCurrie - 15 Jun 2015
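
A sketch of the kind of table-driven test the report asks for, as an added example that is not Foswiki's code and does not load Foswiki. The untaint and validate_name subs below are stand-alone models, and the naming rule is an assumption that rejects a leading separator outright, which is stricter than the web name behaviour described in this thread.

```perl
#!/usr/bin/perl
# Added example: stand-alone model of "untaint through a validator".
use strict;
use warnings;
use Test::More;

# Hypothetical validator: returns the value if acceptable, else undef.
# Assumed rule: components separated by '.' or '/', each starting with a
# letter; no empty component and no leading separator.
# Explicit undef (not a bare return) so list-context callers such as is()
# still receive exactly one value.
sub validate_name {
    my ($name) = @_;
    return undef unless defined $name;
    # \A and \z rather than ^ and $, so a trailing newline is rejected.
    return $name
      if $name =~ m{\A[A-Za-z][A-Za-z0-9_]*(?:[./][A-Za-z][A-Za-z0-9_]*)*\z};
    return undef;
}

# Model of the pattern: the regex capture clears Perl's taint flag, so the
# captured copy is only handed back after the validator has accepted it.
sub untaint {
    my ( $datum, $validator ) = @_;
    return undef unless defined $datum;
    die "validator required" unless ref $validator eq 'CODE';
    return undef unless $datum =~ /\A(.*)\z/s;
    return $validator->($1);
}

# Constructed inputs: [ input, expected result ]. '/.Main' is the shape of
# value from this report; the others are common bad-value probes.
my @cases = (
    [ 'Main',        'Main' ],
    [ 'Main/SubWeb', 'Main/SubWeb' ],
    [ '/.Main',      undef ],
    [ '../Main',     undef ],
    [ "Main\n",      undef ],
    [ '',            undef ],
);

for my $case (@cases) {
    my ( $input, $expected ) = @$case;
    ( my $label = $input ) =~ s/\n/\\n/g;    # printable test name
    is( untaint( $input, \&validate_name ), $expected, "untaint('$label')" );
}

done_testing();
```

A table like this pins down the intended result for each bad value, whichever rule is chosen, so a change in the validator shows up as a failing case rather than as a surprise in path parsing.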