October 20, 2003

Potential TWiki security hole

TWiki bug explanation and patch - Shell characters aren’t escaped/filtered when checking in file attachments. Simple patch available on the TWiki site, and a good reminder of why you should always prefer the list form of the Perl system call over the string form.

Next: Can't keep a bad UI down
Previous: Compile-time implementation enforcement... in Perl