Re: [WebDNA] Error: Can't open order file. Ignoring

This WebDNA talk-list message is from

2011


It keeps the original formatting.
numero = 107117
interpreted = N
texte =
Maybe a bot was at work filling out forms, probably trying to = inject spam URLs





On Thu, 28 Jul 2011 09:47:52 -0400
D= aniel Meola <daniel@knifecenter.com> wrote:
Unfortunately we ar= e very reliant on the old e-commerce tags as you
suspected so upgrading= to v7 will be a long ways off. We are doing
some
troubleshooting= to see how our server filled to capacity so quickly
but it
has at le= ast temporarily been fixed by removing some old files.

I really appreciate the code you sent- we are implementing this
immediately.
Thanks!

Daniel Meola
301-486-0901
daniel@knifecenter.com



On Thu, Jul 28, 2011 at 9:39 AM= , Govinda
<govinda.webdnatalk@gmail.com>wrote:

> Hi Daniel
>
> I noticed in a google search for our error that on= e of the indexed
>urls
> had &!=3D1 at the end of it, ca= using the entire page to break.
> This also breaks webdna.us when added t= o the end of URLs.
>
>
> The original issue you asked a= bout (suddenly failing orders) sounds
>like
> something got corru= pted.. which I am not addressing here.. but this
>^^^ is a
> known bug in webdna ... before version 7.  If you pass the name= of a
>webdna
> context as though it were a URL/form-variabl= e (for example the
>comment
> context, e.g. "page.html?aaa=3Db= bb&!=3Dx", then it sticks in "x" in place
>of all
> the = "[!]"'s on your page!  ...Thus breaking all the comment tags...
>= ; and
> exposing code you meant to have commented out!  Obviously this is a
>really
> dangerous bug.=   The solution (if you cannot or should not upgrade to
>version
> 7.. and here I am guessing you will not want to..= on account of your
>using
> the old built-in e-commerce tag= s (?))  is to use code such as this in
>your
> pre-p= arse script.. (or else in an include you place at the top of
>every
> page) :
> (you can make the [redirect] redire= ct to wherever you want..  here it
>goes
> to the default/home page.)
>
>
> [!]--- START: to plug up the = security hole of when URL hacker passes
>a
> webdna context = name as a formvar---[/!][!]
> [/!][formvariables name=3D!][redirect /][/= formvariables][!]
> [/!][formvariables name=3Daddfields][redirect /][/formvariables][!]
> [/!][formvariables name=3Daddlineitem][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dappend][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dappendfile][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dapplescript][= redirect /][/formvariables][!]
> [/!][formvariables name=3Darrayget][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Darrayset][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dauthenticate][red= irect /][/formvariables][!]
> [/!][formvariables name=3Dboldwords][= redirect /][/formvariables][!]
> [/!][formvariables name=3Dbrowsername][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dcalcfilecrc32][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dcapitalize][redirect /][/formvariables][!]
> [/!][formvariables name=3Dcart][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dcase][redirect /][/formvariables][!]
> [/!][formvariables name=3Dclearlineitems][redirect
>/][/formvariab= les][!]
> [/!][formvariables name=3Dclosedatabase][redirect /][/formvariables][!]
> [/!][formvariables name=3Dcommand][redirect= /][/formvariables][!]
> [/!][formvariables name=3Dcommitdatabase][= redirect
>/][/formvariables][!]
> [/!][formvariables name=3Dconvertch= ars][redirect /][/formvariables][!]
> [/!][formvariables name=3Dconvertwords][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dcopyfile][redirect /][/formvariables][!]
> [/!][formva= riables name=3Dcopyfolder][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dcountchars][redirect /][/formvariables][!]
> [/!][formva= riables name=3Dcountwords][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dcreatefolder][redirect /][/formvariables][!]
> [/!][formvariables name=3Ddate][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dddeconnect][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dddesend][redirect /][/formvariables][!]
>= [/!][formvariables name=3Ddecrypt][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Ddelete][redirect /][/formvariables][!]
> = [/!][formvariables name=3Ddeletefile][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Ddeletefolder][redirect /][/formvariables][!]> [/!][formvariables name=3Ddos][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Delapsedtime][redirect /][/formvariables][!]
= > [/!][formvariables name=3Delse][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dencrypt][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dexclusivelock][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dfilecompare][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dfileinfo][redirect /][/formvariables][!]> [/!][formvariables name=3Dfindstring][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Dflushcache][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dflushdatabases][redirect
>/][/formvariab= les][!]
> [/!][formvariables name=3Dformat][redirect /][/formvariables][!]
> [/!][formvariables name=3Dformat][redirect = /][/formvariables][!]
> [/!][formvariables name=3Dformvariables][re= direct /][/formvariables][!]
> [/!][formvariables name=3Dfounditems][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dfreememory][r= edirect /][/formvariables][!]
> [/!][formvariables name=3Dfunction][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dgetchars][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dgetcookie][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dgetmimeheader][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dgrep][redirect /][/formvariables][!]
> [/!][formvaria= bles name=3Dhideif][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dhtml1][redirect /][/formvariables][!]
> [/!][formvariables name=3Dhtml2][redirect /][/formvariables][!]
> [/!][formvariables n= ame=3Dhtml3][redirect /][/formvariables][!]
> [/!][formvariables name=3Dhttpmethod][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dif][redirect /][/formvariables][!]
> [/!][formvariables name=3Dinclude][redirect /][/formvariables][!]
> [/!][formvariables= name=3Dinput][redirect /][/formvariables][!]
> [/!][formvariables name=3Dinterpret][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dipaddress][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dissecureclient][redirect
>/][/formvariables][!]
> [/!= ][formvariables name=3Dlastautonumner][redirect
>/][/formvariables][!]
> [/!][formvariables name=3Dlastrando= m][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlineitems][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlistchars][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dlistcookies][redirect /][/formvariables][!]
> [/!][formvaria= bles name=3Dlistdatabases][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlistfields][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Dlistfiles][redirect /][/formvariables][!]> [/!][formvariables name=3Dlistmimeheaders][redirect
>/][/formvaria= bles][!]
> [/!][formvariables name=3Dlistpath][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlistvariables][re= direct /][/formvariables][!]
> [/!][formvariables name=3Dlistwords][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlookup][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlookup][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dloop][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlowercase][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dmath][redirect /][/formvariables][!]
> [/!][formvariables name=3Dmiddle][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dmovefile][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dobject][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dorderfile][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dpassword][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dplatform][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dproduct][redirect /][/formvariables][!]
> [/!][formvariables= name=3Dprotect][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dpurchase][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Drandom][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Draw][redirect /][/formvariables][!]
> [/!][formvariables nam= e=3Dredirect][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreferrer][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dremovehtml][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dremovelineitem][redirect
>/][/formvariables][!]
> [/!= ][formvariables name=3Dreplace][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreplacefounditems][redirect
>/][/formvar= iables][!]
> [/!][formvariables name=3Dreturn][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreturnraw][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dscope][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dsearch][redirect = /][/formvariables][!]
> [/!][formvariables name=3Dsendmail][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dsetcookie][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dsetheader][red= irect /][/formvariables][!]
> [/!][formvariables name=3Dsetlineitem][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dsetmimeheader][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dshell][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dshowif][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dshownext][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dspawn][redirect /][/formvariables][!]
> [/!][formvariables n= ame=3Dsql][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsql][redirect /][/formvariables][!]
> [/!][formvariables nam= e=3Dsqlconnect][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsqldisconnect][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dsqlexecute][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsqlinfo][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dsqlrelease][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dsqlresult][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dswitch][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dtable][redirect /][/formvariables][!]
> [= /!][formvariables name=3Dtcpconnect][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dtcpsend][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dtext][redirect /][/formvariables][!]
> [/!][formvariables name=3Dthen][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dthisurl][redirect /][/formvariables][!]
> [/!][formvariables name=3Dtime][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dunurl][redirect /][/formvariables][!]
> [/!][formvariables name=3Duppercase][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Durl][redirect /][/formvariables][!]
> [/!][formvariables name=3Dusername][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dvalidcard][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dversion][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dversion][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dwaitforfile][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dwritefile][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dxmlnode][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dxmlnodes][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dxmlnodesattributes][redirect
>/][/formva= riables][!]
> [/!][formvariables name=3Dxmlparse][redirect /][/formvariables][!]
> [/!][formvariables name=3Dxsl][redirect /][= /formvariables][!]
> [/!][formvariables name=3Dxslt][redirect /][/formvariables][!]
> [/!][!]--- END: to plug up the security hol= e of when URL hacker
>passes a
> webdna context name as a formvar---[/!]
>
> ------------------------------------------= --------------- This
>message is
> sent to you because you a= re subscribed to the mailing list **. To
> unsubscribe, E-mail to: ** = archives:
> http://mail.webdna.us/list/talk@webdna.us Bug Reporting= :
>support@webdna.us
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Error: Can't open order file. Ignoring ("Terry Wilson" 2011)
  2. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  3. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  4. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  5. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  6. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  7. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  8. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  9. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  10. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  11. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Tom Duke 2011)
  12. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  13. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  14. Re: [WebDNA] Error: Can't open order file. Ignoring ("Terry Wilson" 2011)
  15. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  16. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  17. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  18. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  19. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  20. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  21. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  22. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  23. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  24. [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: (Daniel Meola 2011)
Maybe a bot was at work filling out forms, probably trying to = inject spam URLs





On Thu, 28 Jul 2011 09:47:52 -0400
D= aniel Meola <daniel@knifecenter.com> wrote:
Unfortunately we ar= e very reliant on the old e-commerce tags as you
suspected so upgrading= to v7 will be a long ways off. We are doing
some
troubleshooting= to see how our server filled to capacity so quickly
but it
has at le= ast temporarily been fixed by removing some old files.

I really appreciate the code you sent- we are implementing this
immediately.
Thanks!

Daniel Meola
301-486-0901
daniel@knifecenter.com



On Thu, Jul 28, 2011 at 9:39 AM= , Govinda
<govinda.webdnatalk@gmail.com>wrote:

> Hi Daniel
>
> I noticed in a google search for our error that on= e of the indexed
>urls
> had &!=3D1 at the end of it, ca= using the entire page to break.
> This also breaks webdna.us when added t= o the end of URLs.
>
>
> The original issue you asked a= bout (suddenly failing orders) sounds
>like
> something got corru= pted.. which I am not addressing here.. but this
>^^^ is a
> known bug in webdna ... before version 7.  If you pass the name= of a
>webdna
> context as though it were a URL/form-variabl= e (for example the
>comment
> context, e.g. "page.html?aaa=3Db= bb&!=3Dx", then it sticks in "x" in place
>of all
> the = "[!]"'s on your page!  ...Thus breaking all the comment tags...
>= ; and
> exposing code you meant to have commented out!  Obviously this is a
>really
> dangerous bug.=   The solution (if you cannot or should not upgrade to
>version
> 7.. and here I am guessing you will not want to..= on account of your
>using
> the old built-in e-commerce tag= s (?))  is to use code such as this in
>your
> pre-p= arse script.. (or else in an include you place at the top of
>every
> page) :
> (you can make the [redirect] redire= ct to wherever you want..  here it
>goes
> to the default/home page.)
>
>
> [!]--- START: to plug up the = security hole of when URL hacker passes
>a
> webdna context = name as a formvar---[/!][!]
> [/!][formvariables name=3D!][redirect /][/= formvariables][!]
> [/!][formvariables name=3Daddfields][redirect /][/formvariables][!]
> [/!][formvariables name=3Daddlineitem][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dappend][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dappendfile][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dapplescript][= redirect /][/formvariables][!]
> [/!][formvariables name=3Darrayget][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Darrayset][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dauthenticate][red= irect /][/formvariables][!]
> [/!][formvariables name=3Dboldwords][= redirect /][/formvariables][!]
> [/!][formvariables name=3Dbrowsername][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dcalcfilecrc32][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dcapitalize][redirect /][/formvariables][!]
> [/!][formvariables name=3Dcart][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dcase][redirect /][/formvariables][!]
> [/!][formvariables name=3Dclearlineitems][redirect
>/][/formvariab= les][!]
> [/!][formvariables name=3Dclosedatabase][redirect /][/formvariables][!]
> [/!][formvariables name=3Dcommand][redirect= /][/formvariables][!]
> [/!][formvariables name=3Dcommitdatabase][= redirect
>/][/formvariables][!]
> [/!][formvariables name=3Dconvertch= ars][redirect /][/formvariables][!]
> [/!][formvariables name=3Dconvertwords][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dcopyfile][redirect /][/formvariables][!]
> [/!][formva= riables name=3Dcopyfolder][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dcountchars][redirect /][/formvariables][!]
> [/!][formva= riables name=3Dcountwords][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dcreatefolder][redirect /][/formvariables][!]
> [/!][formvariables name=3Ddate][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dddeconnect][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dddesend][redirect /][/formvariables][!]
>= [/!][formvariables name=3Ddecrypt][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Ddelete][redirect /][/formvariables][!]
> = [/!][formvariables name=3Ddeletefile][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Ddeletefolder][redirect /][/formvariables][!]> [/!][formvariables name=3Ddos][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Delapsedtime][redirect /][/formvariables][!]
= > [/!][formvariables name=3Delse][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dencrypt][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dexclusivelock][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dfilecompare][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dfileinfo][redirect /][/formvariables][!]> [/!][formvariables name=3Dfindstring][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Dflushcache][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dflushdatabases][redirect
>/][/formvariab= les][!]
> [/!][formvariables name=3Dformat][redirect /][/formvariables][!]
> [/!][formvariables name=3Dformat][redirect = /][/formvariables][!]
> [/!][formvariables name=3Dformvariables][re= direct /][/formvariables][!]
> [/!][formvariables name=3Dfounditems][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dfreememory][r= edirect /][/formvariables][!]
> [/!][formvariables name=3Dfunction][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dgetchars][redir= ect /][/formvariables][!]
> [/!][formvariables name=3Dgetcookie][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dgetmimeheader][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dgrep][redirect /][/formvariables][!]
> [/!][formvaria= bles name=3Dhideif][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dhtml1][redirect /][/formvariables][!]
> [/!][formvariables name=3Dhtml2][redirect /][/formvariables][!]
> [/!][formvariables n= ame=3Dhtml3][redirect /][/formvariables][!]
> [/!][formvariables name=3Dhttpmethod][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dif][redirect /][/formvariables][!]
> [/!][formvariables name=3Dinclude][redirect /][/formvariables][!]
> [/!][formvariables= name=3Dinput][redirect /][/formvariables][!]
> [/!][formvariables name=3Dinterpret][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dipaddress][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dissecureclient][redirect
>/][/formvariables][!]
> [/!= ][formvariables name=3Dlastautonumner][redirect
>/][/formvariables][!]
> [/!][formvariables name=3Dlastrando= m][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlineitems][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlistchars][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dlistcookies][redirect /][/formvariables][!]
> [/!][formvaria= bles name=3Dlistdatabases][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlistfields][redirect /][/formvariables][!]
&= gt; [/!][formvariables name=3Dlistfiles][redirect /][/formvariables][!]> [/!][formvariables name=3Dlistmimeheaders][redirect
>/][/formvaria= bles][!]
> [/!][formvariables name=3Dlistpath][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlistvariables][re= direct /][/formvariables][!]
> [/!][formvariables name=3Dlistwords][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlookup][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dlookup][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dloop][redirect /][/formvariables][!]
> [/!][formvariables name=3Dlowercase][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dmath][redirect /][/formvariables][!]
> [/!][formvariables name=3Dmiddle][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dmovefile][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dobject][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dorderfile][redirect /][/formvariables][!]
> [/!][formvariabl= es name=3Dpassword][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dplatform][redirect /][/formvariables][!]
> [/!][formvariab= les name=3Dproduct][redirect /][/formvariables][!]
> [/!][formvariables= name=3Dprotect][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dpurchase][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Drandom][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Draw][redirect /][/formvariables][!]
> [/!][formvariables nam= e=3Dredirect][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreferrer][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dremovehtml][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dremovelineitem][redirect
>/][/formvariables][!]
> [/!= ][formvariables name=3Dreplace][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreplacefounditems][redirect
>/][/formvar= iables][!]
> [/!][formvariables name=3Dreturn][redirect /][/formvariables][!]
> [/!][formvariables name=3Dreturnraw][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dscope][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dsearch][redirect = /][/formvariables][!]
> [/!][formvariables name=3Dsendmail][redirec= t /][/formvariables][!]
> [/!][formvariables name=3Dsetcookie][redire= ct /][/formvariables][!]
> [/!][formvariables name=3Dsetheader][red= irect /][/formvariables][!]
> [/!][formvariables name=3Dsetlineitem][redi= rect /][/formvariables][!]
> [/!][formvariables name=3Dsetmimeheader][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dshell][redirect /][/formvariables][!]
> [/!][formvari= ables name=3Dshowif][redirect /][/formvariables][!]
> [/!][formvariables = name=3Dshownext][redirect /][/formvariables][!]
> [/!][formvariable= s name=3Dspawn][redirect /][/formvariables][!]
> [/!][formvariables n= ame=3Dsql][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsql][redirect /][/formvariables][!]
> [/!][formvariables nam= e=3Dsqlconnect][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsqldisconnect][redirect /][/formvariables][!]
> [/!][formvar= iables name=3Dsqlexecute][redirect /][/formvariables][!]
> [/!][formvariables name=3Dsqlinfo][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dsqlrelease][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dsqlresult][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dswitch][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dtable][redirect /][/formvariables][!]
> [= /!][formvariables name=3Dtcpconnect][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dtcpsend][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dtext][redirect /][/formvariables][!]
> [/!][formvariables name=3Dthen][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dthisurl][redirect /][/formvariables][!]
> [/!][formvariables name=3Dtime][redirect /][/formvariables][!]
> [/= !][formvariables name=3Dunurl][redirect /][/formvariables][!]
> [/!][formvariables name=3Duppercase][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Durl][redirect /][/formvariables][!]
> [/!][formvariables name=3Dusername][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dvalidcard][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dversion][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dversion][redirect /][/formvariables][!]
>= ; [/!][formvariables name=3Dwaitforfile][redirect /][/formvariables][!]
= > [/!][formvariables name=3Dwritefile][redirect /][/formvariables][!]<= br>> [/!][formvariables name=3Dxmlnode][redirect /][/formvariables][!]
>= [/!][formvariables name=3Dxmlnodes][redirect /][/formvariables][!]
&g= t; [/!][formvariables name=3Dxmlnodesattributes][redirect
>/][/formva= riables][!]
> [/!][formvariables name=3Dxmlparse][redirect /][/formvariables][!]
> [/!][formvariables name=3Dxsl][redirect /][= /formvariables][!]
> [/!][formvariables name=3Dxslt][redirect /][/formvariables][!]
> [/!][!]--- END: to plug up the security hol= e of when URL hacker
>passes a
> webdna context name as a formvar---[/!]
>
> ------------------------------------------= --------------- This
>message is
> sent to you because you a= re subscribed to the mailing list **. To
> unsubscribe, E-mail to: ** = archives:
> http://mail.webdna.us/list/talk@webdna.us Bug Reporting= :
>support@webdna.us
"Terry Wilson"

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) transferring values (1998) WebCat2b13MacPlugIn - [include] (1997) using showpage and showcart commands (1996) [thisURL] (was pre-parse hell) (2008) Requiring that certain fields be completed (1997) Cannot calculate prices (1997) Emailer [cart] file names (1997) thankyou.tmpl (1997) [showif]/[hideif] question (1997) PCS Frames (1997) DON'T use old cart file! (1997) One other big addition... (1997) For those of you not on the WebCatalog Beta... (1997) WebStar Secure on other machine (1997) [tcpconnect] doing nothing- SM any help here??? (2001) Not really WebCat- (1997) Re:Non-technical messages ... (1997) NT version (1997) WebCatalog for guestbook ? (1997)