From 23a4ee6d15dbd9b8e8c6588a829dd30a26a8de32 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@gnu.kitenet.net>
Date: Mon, 18 May 2009 15:25:10 -0400
Subject: Allow curly braces to be used in pagespecs

And avoid a whole class of potential security problems (though
none that I know of actually existing..), by avoiding
performing any string interpolation on user-supplied data when translating
pagespecs.
---
 doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc/bugs')

diff --git a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
index c03f82907..e3146d92a 100644
--- a/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
+++ b/doc/bugs/pagespec_can__39__t_match___123__curly__125___braces.mdwn
@@ -35,6 +35,6 @@ More tests:
 > * Avoid exposing user input to interpolation as a string. One
 >   way that comes to mind is to have a local string lookup hash,
 >   and insert each user specified string into it, then use the hash
->   to lookup the specified strings at runtime.
+>   to lookup the specified strings at runtime. [[done]]
 > 
 > --[[Joey]] 
-- 
cgit v1.2.3