Re: RAW=T..Strange behaviour
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 28724
interpreted = N
texte =

>Is there a reason that I'm not thinking of where adding &raw=t to a url
>would be necessary? The reason I ask is that by adding it to a url, it
>causes the page to break at the first [include] tag (for instance,
>http://store.smithmicro.com/buy/results.tpl?cart=9525619682420456&raw=T).
>It's not really a security issue, just that a command like that can be used
>to make a site look really bad. So if there is no good reason to allow such
>a command, can it be put on the wish list to make it work only as a context?

This is actually a parameter, not a command -- but realistically it should not have any effect on a page whether you add it to the URL or not, so this is a genuine BUG if you ask me. I hope you have emailed SM directly about this, because they don't seem to read these list messages consistently.

By the way, I just did some more testing and it doesn't seem to matter what follows the =, whether it's T or F or even if nothing follows the =, because as long as webcat gets the name raw in between the & and = that's all it needs to destroy the page.

================================
Kenneth Grome, WebDNA Consultant
808-737-6499 http://webdna.net
================================