User CGIs shouldn't able to crash IVLE by faking exception headers

Bug #531122 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
IVLE
Fix Released
Medium
William Grant

Bug Description

User CGIs can fake IVLE exceptions or cause IVLE to really crash by adding fake X-IVLE-Error-* headers. We should disable detection of those in 'gentle' mode, which is used to make user CGI errors nice.

Related branches

Revision history for this message
William Grant (wgrant) wrote :

Fixed in trunk r1780.

Changed in ivle:
status: In Progress → Fix Committed
Revision history for this message
David Coles (dcoles) wrote :

Released in 1.0.1.

Changed in ivle:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers