new API call util::potentially_unsafe_eval_p

Check content of the string to identify potentially unsafe content in the provided string. The content is unsafe when it contains externally provided content, which might be provided e.g. via query variables, or via user values stored in the database. When such content contains square braces, a "subst" command on these can evaluate arbitrary commands, which is dangerous.

The new API call is used in "::xo::Package->return_page", where the "subst" command is stripped of its command substitution capabilities. In case command substitution is needed, perform this prior to this call.

bumped acs-tcl to 5.10.1d23
bumped xotcl-core to 5.10.1d13
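The difference between a full `subst` and one with command substitution switched off, as an added Tcl example that is not taken from the commit or from OpenACS. The names `side_effect` and `has_open_bracket_p` and the sample input are hypothetical, and the bracket check is only a stand-in, not the logic of `util::potentially_unsafe_eval_p`.

```tcl
# Added illustration: every name below is hypothetical and the input is constructed.
set ::calls 0
proc side_effect {} {
    # Harmless stand-in for a command the page author never meant to run.
    incr ::calls
    return "EXECUTED"
}

# Hypothetical stand-in for a content check: reports whether the string
# contains an opening square bracket, which subst treats as the start of
# a command substitution.
proc has_open_bracket_p {s} {
    return [expr {[string first "\[" $s] >= 0}]
}

# Constructed value standing in for a query variable or a stored user value.
set user_value {Hello [side_effect]}

# The risky pattern: external content is spliced into the page text
# before that text is handed to subst. $title is left for subst to resolve.
set title "Greeting"
set page "<h1>\$title</h1><p>$user_value</p>"

puts "contains open bracket: [has_open_bracket_p $page]"

# Full subst: the bracketed part of the user value is run as a command.
puts "subst:             [subst $page]"
puts "side_effect calls: $::calls"

# subst -nocommands: variables are still substituted, but the brackets
# are left as literal text and side_effect is not called.
set ::calls 0
puts "subst -nocommands: [subst -nocommands $page]"
puts "side_effect calls: $::calls"
```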