[Bug 752454] AUDIT-0: need cups & cups-pk-helper audit to allow change in cups-pk-helper policies

https://bugzilla.novell.com/show_bug.cgi?id=752454 https://bugzilla.novell.com/show_bug.cgi?id=752454#c15 --- Comment #15 from Sebastian Krahmer <krahmer@suse.com> 2012-03-27 14:47:19 UTC --- Yes, my point was that the validation function (_cph_cups_is_printer_name_valid_internal() that is?) must also check for '?', '+', '&', '=' and '%' characters. Otherwise you can inject variables or HTTP request stuff into the IPP request. Just encoding it is not enough, as cups will just decode it and see '?' etc. characters as separator? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.