Ok, so you used request_content instead of query_string and don't have a
docauthors field. That's not quite the point. When you are reading untrusted
data supplied by the user you can't just go plonking it into a server trusted
area without allowing a malicious user to cause problems.
My hypothetical value pair was just that. I would have to assume you use the
field DocAuthors as a Authors field. Since it would come in as type-Text a
later Document.ComputeWithForm would have to re-apply the Names/Author magic
bits.
All I'm saying is that unless you trust your users explictly (and document the
security hole) you may have a problem. Now... all of this is moot if say, you
just use Session.DocumentContext as a source for data from the user and don't
just pass it verbatim onto the application. This is still open to an attack
where the user supplies a request_content value pair in request_content
"....&request_content=remote_user%37=Some%20Admin%2F ...".
So you would want to (a) avoid writing the values back to the DocumentContext
document to prevent overwriting and (b) avoid writing to a document that is
going to be saved. You get around these problems by either (a) extract the
values you need explictly or (b) use something like Jake and I propose
(different solutions) where the extracted values just go into some in-memory
object.
All of this just makes me pine for something like perl's Taint operator.
Ok, so you used request_content instead of query_string and don't have a docauthors field. That's not quite the point. When you are reading untrusted data supplied by the user you can't just go plonking it into a server trusted area without allowing a malicious user to cause problems.
My hypothetical value pair was just that. I would have to assume you use the field DocAuthors as a Authors field. Since it would come in as type-Text a later Document.ComputeWithForm would have to re-apply the Names/Author magic bits.
All I'm saying is that unless you trust your users explictly (and document the security hole) you may have a problem. Now... all of this is moot if say, you just use Session.DocumentContext as a source for data from the user and don't just pass it verbatim onto the application. This is still open to an attack where the user supplies a request_content value pair in request_content "....&request_content=remote_user%37=Some%20Admin%2F ...".
So you would want to (a) avoid writing the values back to the DocumentContext document to prevent overwriting and (b) avoid writing to a document that is going to be saved. You get around these problems by either (a) extract the values you need explictly or (b) use something like Jake and I propose (different solutions) where the extracted values just go into some in-memory object.
All of this just makes me pine for something like perl's Taint operator.
Josh