using System.Web;
/// <summary>
/// Deliberately vulnerable sample: an HTTP handler that uses a request query-string
/// value as the format string of <c>string.Format</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the trailing <c>// $ Source</c> and <c>// $ Alert</c> markers look like
/// inline expectations for an analysis test harness; keep each on its statement's line
/// and confirm against the harness before editing.
/// </remarks>
public class HttpHandler : IHttpHandler
{
    // Surname and Forenames are the format arguments; FormattedName receives the result.
    // Nothing in this listing assigns Surname or Forenames, so they are null when formatted.
    string Surname, Forenames, FormattedName;

    /// <summary>
    /// Reads the <c>nameformat</c> query parameter and formats the name fields with it.
    /// </summary>
    /// <param name="ctx">Current request context; its query string is caller-controlled.</param>
    /// <exception cref="System.FormatException">
    /// Thrown by <c>string.Format</c> when the supplied format is malformed or references
    /// an argument index other than 0 or 1.
    /// </exception>
    /// <exception cref="System.ArgumentNullException">
    /// Thrown by <c>string.Format</c> when the <c>nameformat</c> parameter is absent (null format).
    /// </exception>
    public void ProcessRequest(HttpContext ctx)
    {
        // Taint source: whoever builds the request URL chooses this value; it is null
        // when the parameter is missing. No validation happens before it is used below.
        string format = ctx.Request.QueryString["nameformat"]; // $ Source

        // BAD: Uncontrolled format string.
        // The format string is code-like input: with only two arguments supplied, any
        // other index or unbalanced braces raises an unhandled FormatException, and
        // alignment components let the request decide how large the result string is.
        // Mitigation: keep the format a literal in code, or map the request value onto
        // a fixed allow-list of predefined formats, and pass request data only as arguments.
        FormattedName = string.Format(format, Surname, Forenames); // $ Alert
    }
}