Changes between Initial Version and Version 1 of Ticket #13585, comment 3
- Timestamp: Aug 19, 2019, 4:22:11 AM (5 years ago)
Ticket #13585, comment 3
| initial | v1 | Text |
|---|---|---|
| 2 | 2 | > I consider we should prevent to use tainted data, e.g. `req.args`, for key of `req.session`. |
| 3 | 3 | |
| 4 | | It looks like the value are stored in the session and thedeleted after the redirect: [trac:source:plugins/1.2/spam-filter/tracspamfilter/captcha/api.py@15250:188-199#L163]. So we can just send the arguments on redirect and avoid storing in the session? |
| | 4 | It looks like the args are stored in the session and then deleted after the redirect: [trac:source:plugins/1.2/spam-filter/tracspamfilter/captcha/api.py@15250:188-199#L163]. So we can just send the arguments on redirect and avoid storing in the session? |
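The concern in the comment above, as an added example that is not code from the ticket or from the spam-filter plugin: plain dicts stand in for `req.session` and `req.args`, and the function names, the `/captcha` URL and the sample values are hypothetical. It contrasts request-supplied names used as session keys with carrying the same arguments on the redirect.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Constructed stand-ins: a dict models req.session, another models req.args.


def stash_args_in_session(session, args):
    """Pattern the comment warns about: request names become session keys."""
    for name, value in args.items():
        # Tainted key: a request argument named like an existing session
        # entry silently replaces that entry.
        session[name] = value
    return session


def redirect_with_args(base_url, args):
    """Alternative from the comment: send the args on the redirect itself."""
    query = urlencode(sorted(args.items()))
    return base_url + ("?" + query if query else "")


def restore_args(url):
    """On the redirected request, read the values back from the query string."""
    return dict(parse_qsl(urlsplit(url).query))


def demo():
    # Constructed sample data.
    args = {"name": "value-from-request", "comment": "hello world"}

    clobbered = stash_args_in_session({"name": "alice"}, args)

    session = {"name": "alice"}
    url = redirect_with_args("/captcha", args)  # session is never written
    return clobbered, session, url, restore_args(url)


if __name__ == "__main__":
    clobbered, session, url, restored = demo()
    print("session after stashing args:", clobbered)
    print("session when args ride on the redirect:", session)
    print("redirect target:", url)
    print("args recovered after redirect:", restored)
```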