This repository has been archived by the owner on Feb 12, 2022. It is now read-only.

More fine grained validation for staff register #88

Open
exploide opened this issue Aug 22, 2016 · 2 comments

@exploide
Member

Since c70673b we protect the views against data injection via manual POST requests. Even when submission was disabled in a settings object, the view did not check that.

This is fine for students and workshops but stuff is a bit more complicated. We should check different tutor, orga, helper fields and match against settings attributes.

@ckleemann
Contributor

It is a good idea to write a test case for this issue first. At the moment I am not sure if this problem really exists.

@exploide
Member Author

For workshop submission, it was definitely there. In case of staff registration it might be the case that the dynamic form field fiddling already protects against this.

@bhaettasch bhaettasch added this to the ophase-future milestone Jul 26, 2017
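
The check discussed in this issue, sketched as an added example (not code from this repository): the server derives the set of accepted staff fields from the settings object and rejects a manual POST that carries fields for a disabled role, independent of what the rendered form showed. All class, flag and field names are assumptions, and the sample POST data is constructed.

```python
from dataclasses import dataclass

# Hypothetical settings object: one flag per staff role.
@dataclass(frozen=True)
class StaffSettings:
    tutor_registration_enabled: bool
    orga_registration_enabled: bool
    helper_registration_enabled: bool

# Field names are assumptions made for this example.
BASE_FIELDS = {"prename", "name", "email"}
ROLE_FIELDS = {
    "tutor_registration_enabled": {"is_tutor", "tutor_for"},
    "orga_registration_enabled": {"is_orga", "orga_jobs"},
    "helper_registration_enabled": {"is_helper", "helper_jobs"},
}

def allowed_fields(settings):
    """Fields the server accepts under the current settings."""
    allowed = set(BASE_FIELDS)
    for flag, fields in ROLE_FIELDS.items():
        if getattr(settings, flag):
            allowed |= fields
    return allowed

def validate_staff_post(post, settings):
    """Return (cleaned, errors) for a submitted dict of POST fields.

    The decision uses only the settings, never the fact that the
    rendered form happened to hide a field.
    """
    if not any(getattr(settings, flag) for flag in ROLE_FIELDS):
        return {}, ["staff registration is disabled"]
    allowed = allowed_fields(settings)
    errors = [f"field not accepted: {n}" for n in sorted(post) if n not in allowed]
    errors += [f"missing field: {n}" for n in sorted(BASE_FIELDS - set(post))]
    if errors:
        return {}, errors
    return dict(post), []

# Constructed sample: only tutor registration is open.
TUTOR_ONLY = StaffSettings(True, False, False)
ALL_CLOSED = StaffSettings(False, False, False)
BASE = {"prename": "Ada", "name": "Example", "email": "ada@example.org"}
FORGED = {**BASE, "is_orga": "on", "orga_jobs": "1"}   # manual POST
HONEST = {**BASE, "is_tutor": "on", "tutor_for": "cs"}
```

A test case along the lines suggested in the thread would assert that `FORGED` is rejected under `TUTOR_ONLY` and that any submission is rejected under `ALL_CLOSED`.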