Forum OpenACS Q&A: Response to Stealing Email Addresses -3x
Posted by Stan Kaufman on 08/13/02 05:53 PM
David, in what way do you mean that it's susceptible? It calls ad_page_variables in which there's a call to check_for_form_variable_naughtiness. It calls validate_integer. It won't show email addresses until the user is logged in. How can Bad Things happen?