SID-02465: ActionTrackerPlugin - Insecure dependency with -T switch

Status:	Asked	TWiki version:	6.1.0	Perl version:	5.16.3
Category:	CategoryPlugins	Server OS:	Centos 7.9.2009	Last update:	4 years ago

Hello When using the ActionTrackerPlugin the state dropdown menu gives an error when changed.

Insecure dependency in open while running with -T switch

I guess that there is a variable to untaint, but I cant find the culprit

Anyone else seen this error?

Thanks for any feedback

-- Peter Jones - 2021-02-19

Discussion and Answer

I just installed this plugin for testing on Centos 7.8 and Perl 5.16.3 and can't reproduce the insecure dependency issue when changing the open/close state.

Log of REST call looks ok too:

"GET /svn-trunk/rest/ActionTrackerPlugin/update?topic=Sandbox.ActionTrackerTest;uid=000001;nocache=5573562324;field=state;value=closed HTTP/1.1" 200 2

Although wondering why this is a GET and not a POST.

-- Peter Thoeny - 2021-03-01

Above test was on TWiki SVN trunk.

I now just tested on a TWiki-6.0 installation, no insecure dependency issues reported either.

Not sure why you get those errors.

-- Peter Thoeny - 2021-03-02

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.