Details
- Applies to
MoinMoin version 1.5.4
- Purpose
- Insure items from user_form_remove aren't processed, to prevent spoofing the form submission
- Description
When the 'UserPreferences' form is created, items from user_form_remove are missed off; however, an attacker could still send a spoofed form submission including the missed-off items. Note that this patch is probably not complete, and a more thorough treatment is likely needed. I don't think it's worth bothering to emit an error, since this kind of spoof shouldn't happen accidentally.
Anyway, this patch is meant to just point out the generic security issue.
Patch
1 diff -ur moin-1.5.4.orig/MoinMoin/userform.py moin-1.5.4/MoinMoin/userform.py
2 --- moin-1.5.4.orig/MoinMoin/userform.py 2006-05-11 12:24:00.000000000 -0400
3 +++ moin-1.5.4/MoinMoin/userform.py 2006-09-06 13:10:50.000000000 -0400
4 @@ -67,6 +67,11 @@
5 if form.has_key('cancel'):
6 return
7
8 + # Partially prevent form spoofing
9 + for remove_item in self.cfg.user_form_remove:
10 + if form.has_key(remove_item):
11 + del form[remove_item]
12 +
13 if form.has_key('account_sendmail'):
14 if not self.cfg.mail_enabled:
15 return _("""This wiki is not enabled for mail processing.
Discussion
Plan
- Priority:
- Assigned to:
- Status: