Index: openacs-4/packages/acs-templating/tcl/form-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/tcl/form-procs.tcl,v diff -u -r1.45.2.9 -r1.45.2.10 --- openacs-4/packages/acs-templating/tcl/form-procs.tcl 25 Nov 2013 09:36:37 -0000 1.45.2.9 +++ openacs-4/packages/acs-templating/tcl/form-procs.tcl 1 Mar 2014 14:37:35 -0000 1.45.2.10 @@ -548,14 +548,20 @@ # Check for errors in hidden elements foreach element_ref $elements { - + # get a reference by element ID upvar #$level $element_ref element if { $element(widget) eq "hidden" && [info exists $id:error($element(id))] && [set $id:error($element(id))] ne "" } { - error "Validation error in hidden form element: '[set $id:error($element(id))]' on element '$element(id)'." + # Submitting invalid data to hidden elements is a common attack vector. + # This does not give them much information in the response. + ad_return_complaint 1 "Your request is invalid." + ns_log Warning "Validation error in hidden form element.\ + This may be part of a vulnerability scan or attack reconnaissance: \ + '[set $id:error($element(id))]' on element '$element(id)'." + ad_script_abort } } @@ -857,8 +863,7 @@ set value [ns_set value $form $i] append export_data " -
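Review bot: The new `ns_log Warning` line in the hidden-element check (first hunk, around line 548) records the element id and the validation message but nothing that identifies the request, so a hit cannot be tied to a client or correlated across a scan. Adding the form id and connection details would make the entry usable for triage, e.g. `ns_log Warning "Validation error in hidden element '$element(id)' of form '$id' from [ad_conn peeraddr] (user [ad_conn user_id]) at [ad_conn url]: ..."`. The text taken from `$id:error($element(id))` is also written to the log as-is; if a validator embeds the submitted value in that message, the text is client-controlled, so consider truncating it and replacing control characters before logging. The enclosing proc begins and ends outside this hunk, so how those error strings are built is not visible here.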
" +
" } return $export_data