id: 2942
summary: CGI "id" parameter not sufficiently validated, could allow for the creation of files on the file system
reporter: sdlime
owner: sdlime
description: The CGI parameter (used for pseudo session handling) is not sufficiently validated and could be used to create files outside of intended locations. The parameter is checked for length but not for content so inserting relative paths alters where MapServer will try to create temporary files. The fix is to apply a regex pattern to limit an id's value. Steve
type: defect
status: closed
priority: high
milestone: 6.0 release
component: MapServer C Library
version: unspecified
severity: normal
resolution: fixed
keywords:
cc: jmckenna dmorissette
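
The fix the ticket describes, sketched as an added example (not MapServer's actual code): a length-only check accepts an id that contains a relative path, while an allowlist regex rejects it before the temporary file name is built. The pattern, the 63-character limit, the temp directory and all function names are assumptions for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define ID_MAX_LEN 63 /* assumed limit, not taken from the ticket */
/* Assumed allowlist: letters and digits only, so no '.' or '/' can appear. */
#define ID_PATTERN "^[A-Za-z0-9]{1,63}$"

/* Pre-fix behaviour as the ticket describes it: length is checked, content is not. */
static int id_ok_length_only(const char *id) {
    size_t n = id ? strlen(id) : 0;
    return n > 0 && n <= ID_MAX_LEN;
}

/* Post-fix behaviour: the whole value must match the allowlist pattern. */
static int id_ok(const char *id) {
    regex_t re;
    int rc;
    if (id == NULL || regcomp(&re, ID_PATTERN, REG_EXTENDED | REG_NOSUB) != 0)
        return 0; /* fail closed */
    rc = regexec(&re, id, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Build "<tmpdir>/<id>.<ext>"; -1 if the id is rejected or the path is truncated. */
static int build_tmp_path(char *out, size_t outlen, const char *tmpdir,
                          const char *id, const char *ext) {
    int n;
    if (!id_ok(id)) return -1;
    n = snprintf(out, outlen, "%s/%s.%s", tmpdir, id, ext);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    /* Constructed sample values and a constructed temp directory. */
    const char *ids[] = {"1290A4f3", "../../outside/x", "a/b", ""};
    char path[128];
    size_t i;
    for (i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int rc = build_tmp_path(path, sizeof path, "/tmp/ms_tmp", ids[i], "png");
        printf("%-18s length-only=%d regex=%d path=%s\n", ids[i],
               id_ok_length_only(ids[i]), id_ok(ids[i]), rc == 0 ? path : "(rejected)");
    }
    return 0;
}
```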