Re: hmmm

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 67352
interpreted = N
texte = John Peacock wrote: > Jesse Proudman wrote: >> [This was reported to SM a week or two ago] >> >> On a security note... >> >> http://www.smithmicro.com/?text=&!=&math= >> Actually, turning off "Display Error Message" in Preferences seems to help some (if you cannot directly filter those requests). We can infer that what is happening is the automatic formvariable to context code is firing for "!" and "text" and "math" and if you have one of those contexts in an include file or template, the substitution code will break your existing code (by eating the initial [!] or [text] or [math] tag), and the remainder of your template or include file will be displayed as is in the page. This is an incredibly big deal. I'm going to go through all of the other paired contexts ([context][/context]) and see whether those are affected as well... John -- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748 ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Hmmm ... and thanks! (Kenneth Grome 2008)
  2. Re: [WebDNA] Hmmm ... (Donovan Brooke 2008)
  3. Re: [WebDNA] Hmmm ... ("Jim Lanford." 2008)
  4. Re: [WebDNA] Hmmm ... (Christer Olsson 2008)
  5. Re: [WebDNA] Hmmm ... ("Dan Strong" 2008)
  6. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  7. RE: [WebDNA] Hmmm ... ("Olin Lagon" 2008)
  8. Re: [WebDNA] Hmmm ... (Govinda 2008)
  9. Re: [WebDNA] Hmmm ... (Gary Krockover 2008)
  10. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  11. Re: [WebDNA] Hmmm ... (Patrick McCormick 2008)
  12. Re: [WebDNA] Hmmm ... ("Brian Boegershausen" 2008)
  13. Re: [WebDNA] Hmmm ... (Govinda 2008)
  14. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  15. RE: [WebDNA] Hmmm ... ("Vincent Medina" 2008)
  16. Re: [WebDNA] Hmmm ... (Govinda 2008)
  17. Re: [WebDNA] Hmmm ... (Dylan Wood 2008)
  18. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  19. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  20. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  21. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  22. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  23. Re: [WebDNA] Hmmm ... (Stuart Tremain 2008)
  24. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  25. Re: [WebDNA] Hmmm ... (Terry Wilson 2008)
  26. [WebDNA] Hmmm ... (Kenneth Grome 2008)
  27. Re: hmmm ( Gary Krockover 2006)
  28. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  29. Re: hmmm ( "Howard Wolosky" 2006)
  30. Re: hmmm ( Donovan Brooke 2006)
  31. Re: hmmm ( Donovan Brooke 2006)
  32. Re: hmmm ( Donovan Brooke 2006)
  33. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  34. Re: hmmm ( John Peacock 2006)
  35. Re: hmmm ( Clint Davis 2006)
  36. Re: hmmm ( Jesse Proudman 2006)
  37. Re: hmmm ( Donovan Brooke 2006)
  38. Re: hmmm ( devaulw@onebox.com 2006)
  39. Re: hmmm ( "Dan Strong" 2006)
  40. Re: hmmm ( Clint Davis 2006)
  41. Re: hmmm ( "Dan Strong" 2006)
  42. Re: hmmm ( "Dan Strong" 2006)
  43. Re: hmmm ( Terry Wilson 2006)
  44. Re: hmmm ( Stuart Tremain 2006)
  45. Re: hmmm ( "Dan Strong" 2006)
  46. Re: hmmm ( "Dan Strong" 2006)
  47. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  48. Re: hmmm ( "Bess Ho" 2006)
  49. Re: hmmm ( "Bess Ho" 2006)
  50. Re: hmmm ( Jesse Proudman 2006)
  51. Re: hmmm ( "Bess Ho" 2006)
  52. Re: hmmm ( Kenneth Grome 2006)
  53. Re: hmmm ( Jesse Proudman 2006)
  54. Re: hmmm ( devaulw@onebox.com 2006)
  55. Re: hmmm ( John Peacock 2006)
  56. Re: hmmm ( Jesse Proudman 2006)
  57. Re: hmmm ( John Peacock 2006)
  58. Re: hmmm ( John Peacock 2006)
  59. Re: hmmm ( Jesse Proudman 2006)
  60. Re: hmmm ( Kenneth Grome 2006)
  61. Re: hmmm ( John Peacock 2006)
  62. Re: hmmm ( John Peacock 2006)
  63. Re: hmmm ( Jim Ziegler 2006)
  64. Re: hmmm ( Jesse Proudman 2006)
  65. Re: hmmm ( WJ Starck 2006)
  66. Re: hmmm ( Clint Davis 2006)
  67. Re: hmmm ( WJ Starck 2006)
  68. Re: hmmm ( WJ Starck 2006)
  69. Re: hmmm ( Clint Davis 2006)
  70. Re: hmmm ( Clint Davis 2006)
  71. Re: hmmm ( "Bess Ho" 2006)
  72. Re: hmmm ( Stuart Tremain 2006)
  73. Re: hmmm ( WJ Starck 2006)
  74. Re: hmmm ( Stuart Tremain 2006)
  75. Re: hmmm ( WJ Starck 2006)
  76. Re: hmmm ( Jesse Proudman 2006)
  77. Re: hmmm ( Stuart Tremain 2006)
  78. Re: hmmm ( Eric king 2006)
  79. Re: hmmm ( Jesse Proudman 2006)
  80. Re: hmmm ( devaulw@onebox.com 2006)
  81. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  82. Re: hmmm ( Jesse Proudman 2006)
  83. Re: hmmm ( "Bess Ho" 2006)
  84. Re: hmmm ( WJ Starck 2006)
  85. Re: hmmm ( "Bess Ho" 2006)
  86. Re: hmmm ( Chris 2006)
  87. Re: hmmm ( Adam O'Connor 2006)
  88. Re: hmmm ( Donovan Brooke 2006)
  89. Re: hmmm ( devaulw@onebox.com 2006)
  90. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  91. hmmm ( Donovan Brooke 2006)
  92. Things that make you go Hmmmm (Brian B. Burton 2001)
John Peacock wrote: > Jesse Proudman wrote: >> [This was reported to SM a week or two ago] >> >> On a security note... >> >> http://www.smithmicro.com/?text=&!=&math= >> Actually, turning off "Display Error Message" in Preferences seems to help some (if you cannot directly filter those requests). We can infer that what is happening is the automatic formvariable to context code is firing for "!" and "text" and "math" and if you have one of those contexts in an include file or template, the substitution code will break your existing code (by eating the initial [!] or [text] or [math] tag), and the remainder of your template or include file will be displayed as is in the page. This is an incredibly big deal. I'm going to go through all of the other paired contexts ([context][/context]) and see whether those are affected as well... John -- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748 ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Simple way to create unique SKU (1997) Webdna 5.0 reference documentation (2003) Tax & Shipping (1997) WebDNA Codes in Secure Mode (1997) Mozilla/4. and Browser Info.txt (1997) Show shoppingcart after remove last item (1997) WebCat2 - Getting to the browser's username/password data (1997) Here's how to kill a Butler Database. (1997) [WebDNA] behavior of [thisurl] in the context of 'mod_rewrite' (2012) Mac: LModelDirector bug fix (1997) Slide Show (2002) Math variable size-dumb question (1999) U&P IIS concept (1998) [ShowNext] (1997) Help name our technology! (1997) Caching [include] files ... (1997) Location of Browser Info.txt file (1997) Initiating NewCart (1997) dates and hex formatting (1997) Password Authentication - request example (1998)