Forum OpenACS Development: Re: Security breach in util_memoize "command $arg"

Posted by Gustaf Neumann on
Hi Frank,

many thanks for this catch! The problem might happen with all non-sanitized variables passed to a quoted util_memoize (which should not happen). This problem might as well become a semantic issue, since the word boundaries are lost through the double quotes, when variables are substituted.

The version in the oacs-5-8 branch is now fixed.

-g
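An added illustration of the two problems Gustaf describes (this is not code from the thread or from OpenACS): `memoize_sim` is a hypothetical stand-in for util_memoize that, like the real proc, keys its cache on the script string and evaluates that string with the interpreter; `lookup_user` is a hypothetical callee. The quoting behaviour shown is plain Tcl and does not depend on the stand-in.

```tcl
# Added example, not OpenACS code. memoize_sim is a hypothetical, minimal
# stand-in for util_memoize: cache keyed on the script text, script
# evaluated at global scope on a miss.
proc memoize_sim {script} {
    global memo_cache
    if {![info exists memo_cache($script)]} {
        set memo_cache($script) [uplevel #0 $script]
    }
    return $memo_cache($script)
}

# Hypothetical callee that expects exactly one argument.
proc lookup_user {name} {
    return "record for '$name'"
}

# 1. Vulnerable pattern "command $arg": the variable is pasted into the
#    script text, so its content is re-parsed as Tcl when the script runs.
#    The bracketed command inside $name executes before lookup_user is
#    even called (the call itself then fails with "wrong # args").
set name {x [puts "injected code ran"]}
catch {memoize_sim "lookup_user $name"} err
puts "unsafe form, injected value: $err"

# 2. Semantic problem without any attacker: the double quotes lose the
#    word boundaries, so a value containing whitespace becomes two words.
set name "John Doe"
catch {memoize_sim "lookup_user $name"} err
puts "unsafe form, value with space: $err"

# 3. Hardened form: build the script with [list], which quotes each word so
#    $name stays a single argument and is never re-interpreted as code.
proc safe_lookup {name} {
    return [memoize_sim [list lookup_user $name]]
}
puts [safe_lookup {x [puts "injected code ran"]}]
puts [safe_lookup "John Doe"]
```

Running this with tclsh prints the injected marker and a "wrong # args" error for the first two calls, and the two expected records (`record for 'x [puts "injected code ran"]'` and `record for 'John Doe'`) for the list-built calls. The `[list ...]` form is the general fix: it also keeps the cache key stable, since the value is quoted the same way on every call.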