Hold the release!
Gervase Markham
gerv at mozilla.org
Sun Feb 16 12:03:44 UTC 2003
Oh dear...
I've just written the test tool described in bug 192677
http://bugzilla.mozilla.org/show_bug.cgi?id=192677
and, having tested it on a single template, I've already found one
instance where an incoming FORM variable is echoed directly in the
template.
I'm having trouble exploiting it - not enough practice, perhaps. It's
the format parameter to query.cgi if anyone's interested; you need to
set query_format to a valid parameter to avoid getting an error.
Anyway, I think we should hold off for a couple of days while we get the
test checked in, and get people to split up the work of using it to
check all the templates.
Gerv
More information about the developers
mailing list