aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2009-05-18 15:25:10 -0400
committerJoey Hess <joey@gnu.kitenet.net>2009-05-18 15:25:10 -0400
commit23a4ee6d15dbd9b8e8c6588a829dd30a26a8de32 (patch)
tree5d7d76ba25bd6331e1f2940c481477ecb4de9d12 /doc
parent0516ba04d014628be983dbd3e4c28a8f52a2c3e7 (diff)
downloadikiwiki-23a4ee6d15dbd9b8e8c6588a829dd30a26a8de32.tar
ikiwiki-23a4ee6d15dbd9b8e8c6588a829dd30a26a8de32.tar.gz
Allow curly braces to be used in pagespecs
And avoid a whole class of potential security problems (though none that I know of actually existing..), by avoiding performing any string interpolation on user-supplied data when translating pagespecs.
Diffstat (limited to 'doc')
-rw-r--r--doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
index c03f82907..e3146d92a 100644
--- a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
+++ b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
@@ -35,6 +35,6 @@ More tests:
> * Avoid exposing user input to interpolation as a string. One
> way that comes to mind is to have a local string lookup hash,
> and insert each user specified string into it, then use the hash
-> to lookup the specified strings at runtime.
+> to lookup the specified strings at runtime. [[done]]
>
> --[[Joey]]