Forum OpenACS Q&A: Response to Stealing Email Addresses -3x

Posted by Stan Kaufman on
David, in what way do you mean that it's susceptible? It calls ad_page_variables in which there's a call to check_for_form_variable_naughtiness. It calls validate_integer. It won't show email addresses until the user is logged in. How can Bad Things happen?