View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011394 | Taler | exchange | public | 2026-05-12 12:45 | 2026-05-13 07:47 |
| Reporter | Florian Dold | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | git (master) | ||||
| Target Version | 1.6 | Fixed in Version | 1.6 | ||
| Summary | 0011394: exchange does not check FORM_ID in POST /kyc-upload/$ID request | ||||
| Description | The handler for /kyc/upload/$ID only checks the presence of FORM_ID in the payload, but does not check that the FORM_ID actually matches the measure that the form is being uploaded for. This is problematic, as even if the subsequent AML program run checks for the FORM_ID, the uploaded data with the (unsolicited!) FORM_ID will still be persisted to the database, potentially leading to confusion. Reproducer: $ taler-harness run-integrationtests kyc-form-validation | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-05-12 12:45 | Florian Dold | New Issue | |
| 2026-05-12 15:14 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2026-05-12 15:14 | Christian Grothoff | Status | new => assigned |
| 2026-05-12 15:14 | Christian Grothoff | Product Version | => git (master) |
| 2026-05-12 15:14 | Christian Grothoff | Target Version | => 1.6 |
| 2026-05-13 07:47 | Christian Grothoff | Status | assigned => resolved |
| 2026-05-13 07:47 | Christian Grothoff | Resolution | open => fixed |
| 2026-05-13 07:47 | Christian Grothoff | Fixed in Version | => 1.6 |
