Forum OpenACS Q&A: Re: Security hole in ad_form (may change behavior of ad_form to fix!)

Collapse
11: Re: Security hole in ad_form (may change behavior of ad_form to fix!) (response to 10)
Posted by Tom Jackson on 10/15/03 12:02 AM

Well subst is being called for a purpose. The question seems to be if ad_form is being fed the correct information. ad_form cannot know, and should not care where the string came from. At least that is what I am guessing.