Up to now this is the only problem reported due to the
1.8.2-new variable testing of SQL metacharacters in
The error is like:
Invalid variable value : page = BPFK Checkpoint:
If you're trying to edit or create a page named "BPFK
Checkpoint: Letterals #1"
This comes from this line of code :
$patterns['string'] = "/^[^<>\";&#]*$/"; // find, and
such extended chars
This can and will effect anywhere a GET parameter
contains those characters.
"the protection can probably be enhanced, just nobody
complained up to now. The detail of the security issue
is on http://www.gulftech.org/04112004.php (chapter
Here's the full topic on tikiwiki-devel, thanks to Robin :