Rule 420002: Enforce correct encoding type
Purpose
In order to submit any content (wiki pages, attachments, tickets, ticket comments) to Trac HTML forms must be used to enter the relevant data. Trac only accepts two content types the form data is encoded in, x-www-form-urlencoded and multipart/form-data. This rule checks for these two encoding types to prevent ScallyWhack being fooled with some artificially crafted requests.
Example
n/a
Protected handlers
See rule 420001.
See also
- encoding type validation performed in Trac
- form content types explained (W3C)
History
- rev:1
- Initial version.
