Re: [WebDNA] Putting '&search' into URL killing all search contexts

This WebDNA talk-list message is from 2010. It keeps the original formatting.
numero = 105341
interpreted = N
texte =

Brian,

Hi - finally got your code to work once I put the exclamation mark item right at the top of the pre-parse script, i.e. before any comment tags.

Thanks for this fix.

Take care
- Tom

On Tue, Jun 15, 2010 at 5:38 PM, Brian Fries <dna@brainscansoftware.com> wrote:
> Nice, Olin. Got me thinking, and I extended the concept thusly, checking
> for several bad formvariables that may compromise your site's security:
>
> [formvariables name=search][redirect /][/formvariables]
> [formvariables name=!][redirect /][/formvariables]
> [formvariables name=text][redirect /][/formvariables]
> [formvariables name=math][redirect /][/formvariables]
> [formvariables name=encrypt][redirect /][/formvariables]
> [formvariables name=decrypt][redirect /][/formvariables]
>
>
> Brian Fries
> BrainScan Software
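
Added example, not part of the original message and not WebDNA project code: a Python scan of web access-log lines for requests whose query string carries one of the parameter names the quoted pre-parse script redirects on. The log format, paths and addresses are constructed, and matching names case-insensitively is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the quoted pre-parse script redirects on.
BLOCKED_NAMES = {"search", "!", "text", "math", "encrypt", "decrypt"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def blocked_params(target):
    """Return the sorted blocked names present in a request target's query."""
    query = urlsplit(target).query
    # keep_blank_values=True keeps a bare '&search' (no '=') as a name;
    # parse_qsl percent-decodes names, so '%73earch' and '%21' match too.
    pairs = parse_qsl(query, keep_blank_values=True)
    names = {name.lower() for name, _ in pairs}  # assumption: case-insensitive
    return sorted(names & BLOCKED_NAMES)


def scan(log_lines):
    """Yield (line_number, target, hits) for requests carrying a blocked name."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = blocked_params(match.group("target"))
        if hits:
            yield number, match.group("target"), hits


# Constructed sample lines: documentation addresses, hypothetical paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jun/2010:17:40:01 +0000] "GET /catalog.tpl?sku=1001 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [15/Jun/2010:17:40:07 +0000] "GET /catalog.tpl?sku=1001&search HTTP/1.1" 302 0',
    '192.0.2.11 - - [15/Jun/2010:17:40:09 +0000] "GET /catalog.tpl?%73earch=1&MATH=2 HTTP/1.1" 302 0',
    '192.0.2.12 - - [15/Jun/2010:17:41:30 +0000] "GET /detail.tpl?id=7&!=x HTTP/1.1" 302 0',
    '192.0.2.13 - - [15/Jun/2010:17:42:00 +0000] "GET /find.tpl?searchterm=shoes&textsize=2 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, target, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {', '.join(hits)}")
```

Names are matched exactly, so ordinary parameters such as `searchterm` are not flagged. Access logs record only the URL, so names sent in a POST body need the same check applied where the body is available.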

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  2. Re: [WebDNA] Putting '&search' into URL killing all search (Alex McCombie 2010)
  3. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  4. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  5. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  6. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  7. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  8. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  9. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  10. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Marc Thompson 2010)
  11. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  12. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  13. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  14. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  15. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  16. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  17. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  18. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  19. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  20. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  21. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  22. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  23. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  24. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  25. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  26. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  27. RE: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Olin Lagon" 2010)
  28. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  29. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  30. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  31. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  32. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  33. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  34. [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Tom Duke 2010)
Tom Duke
