[ic] Form variable names with dashes don't work with profile checks

Peter peter at pajamian.dhs.org
Fri May 27 06:02:52 UTC 2016


It seems that if you have a form variable with dashes in it (not
underscores) and attempt to run a profile check on it, do_check() parses
out only that part of the variable name after the final dash.  This is
due to the regexp which parses the profile line in do_check():

                elsif ($parameter =~ /(\w+)[\s=]+(.*)/) {

...since dash is not included in word characters it won't parse out as
part of the profile name.

Is there any reason why the above line can't be changed to:

                elsif ($parameter =~ /([\w-]+)[\s=]+(.*)/) {

...and should we allow even additional characters?

The reason this is coming up is because I'm adding a profile check for
recaptchas, and the recaptcha system uses "g-recaptcha-response" for the
form name.


Peter



More information about the interchange-users mailing list