From the look of
(svnversion 606559), it uses
that part of the URL before the first occurrence of a match to the regex
[,;!], followed by a # and the name of the form element. This seems
vulnerable to me under situations where URL parameters determine privilege
(Why [,;!] and not ?, I wonder? The comment in the code implies that this
is working around a `potential security issue' but doesn't say what that
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds