Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!]

This WebDNA talk-list message is from 2011. It keeps the original formatting.
numero = 107119
interpreted = N
I thought this bug was fixed already in version 6.2 or earlier?

Sincerely,
Kenneth Grome

> Hi Daniel
>
> > I noticed in a google search for our error that one of
> > the indexed urls had &!=1 at the end of it, causing
> > the entire page to break. This also breaks webdna.us
> > when added to the end of URLs.
>
> The original issue you asked about (suddenly failing
> orders) sounds like something got corrupted.. which I am
> not addressing here.. but this ^^^ is a known bug in
> webdna ... before version 7. If you pass the name of a
> webdna context as though it were a URL/form-variable
> (for example the comment context, e.g.
> "page.html?aaa=bbb&!=x", then it sticks in "x" in place
> of all the "[!]"'s on your page! ...Thus breaking all
> the comment tags... and exposing code you meant to have
> commented out! Obviously this is a really dangerous
> bug. The solution (if you cannot or should not upgrade
> to version 7.. and here I am guessing you will not want
> to.. on account of your using the old built-in
> e-commerce tags (?)) is to use code such as this in
> your pre-parse script.. (or else in an include you place
> at the top of every page) : (you can make the [redirect]
> redirect to wherever you want.. here it goes to the
> default/home page.)
>
>
> [!]--- START: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!][!]
> [/!][formvariables name=!][redirect /][/formvariables][!]
> [/!][formvariables name=addfields][redirect /][/formvariables][!]
> [/!][formvariables name=addlineitem][redirect /][/formvariables][!]
> [/!][formvariables name=append][redirect /][/formvariables][!]
> [/!][formvariables name=appendfile][redirect /][/formvariables][!]
> [/!][formvariables name=applescript][redirect /][/formvariables][!]
> [/!][formvariables name=arrayget][redirect /][/formvariables][!]
> [/!][formvariables name=arrayset][redirect /][/formvariables][!]
> [/!][formvariables name=authenticate][redirect /][/formvariables][!]
> [/!][formvariables name=boldwords][redirect /][/formvariables][!]
> [/!][formvariables name=browsername][redirect /][/formvariables][!]
> [/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!]
> [/!][formvariables name=capitalize][redirect /][/formvariables][!]
> [/!][formvariables name=cart][redirect /][/formvariables][!]
> [/!][formvariables name=case][redirect /][/formvariables][!]
> [/!][formvariables name=clearlineitems][redirect /][/formvariables][!]
> [/!][formvariables name=closedatabase][redirect /][/formvariables][!]
> [/!][formvariables name=command][redirect /][/formvariables][!]
> [/!][formvariables name=commitdatabase][redirect /][/formvariables][!]
> [/!][formvariables name=convertchars][redirect /][/formvariables][!]
> [/!][formvariables name=convertwords][redirect /][/formvariables][!]
> [/!][formvariables name=copyfile][redirect /][/formvariables][!]
> [/!][formvariables name=copyfolder][redirect /][/formvariables][!]
> [/!][formvariables name=countchars][redirect /][/formvariables][!]
> [/!][formvariables name=countwords][redirect /][/formvariables][!]
> [/!][formvariables name=createfolder][redirect /][/formvariables][!]
> [/!][formvariables name=date][redirect /][/formvariables][!]
> [/!][formvariables name=ddeconnect][redirect /][/formvariables][!]
> [/!][formvariables name=ddesend][redirect /][/formvariables][!]
> [/!][formvariables name=decrypt][redirect /][/formvariables][!]
> [/!][formvariables name=delete][redirect /][/formvariables][!]
> [/!][formvariables name=deletefile][redirect /][/formvariables][!]
> [/!][formvariables name=deletefolder][redirect /][/formvariables][!]
> [/!][formvariables name=dos][redirect /][/formvariables][!]
> [/!][formvariables name=elapsedtime][redirect /][/formvariables][!]
> [/!][formvariables name=else][redirect /][/formvariables][!]
> [/!][formvariables name=encrypt][redirect /][/formvariables][!]
> [/!][formvariables name=exclusivelock][redirect /][/formvariables][!]
> [/!][formvariables name=filecompare][redirect /][/formvariables][!]
> [/!][formvariables name=fileinfo][redirect /][/formvariables][!]
> [/!][formvariables name=findstring][redirect /][/formvariables][!]
> [/!][formvariables name=flushcache][redirect /][/formvariables][!]
> [/!][formvariables name=flushdatabases][redirect /][/formvariables][!]
> [/!][formvariables name=format][redirect /][/formvariables][!]
> [/!][formvariables name=format][redirect /][/formvariables][!]
> [/!][formvariables name=formvariables][redirect /][/formvariables][!]
> [/!][formvariables name=founditems][redirect /][/formvariables][!]
> [/!][formvariables name=freememory][redirect /][/formvariables][!]
> [/!][formvariables name=function][redirect /][/formvariables][!]
> [/!][formvariables name=getchars][redirect /][/formvariables][!]
> [/!][formvariables name=getcookie][redirect /][/formvariables][!]
> [/!][formvariables name=getmimeheader][redirect /][/formvariables][!]
> [/!][formvariables name=grep][redirect /][/formvariables][!]
> [/!][formvariables name=hideif][redirect /][/formvariables][!]
> [/!][formvariables name=html1][redirect /][/formvariables][!]
> [/!][formvariables name=html2][redirect /][/formvariables][!]
> [/!][formvariables name=html3][redirect /][/formvariables][!]
> [/!][formvariables name=httpmethod][redirect /][/formvariables][!]
> [/!][formvariables name=if][redirect /][/formvariables][!]
> [/!][formvariables name=include][redirect /][/formvariables][!]
> [/!][formvariables name=input][redirect /][/formvariables][!]
> [/!][formvariables name=interpret][redirect /][/formvariables][!]
> [/!][formvariables name=ipaddress][redirect /][/formvariables][!]
> [/!][formvariables name=issecureclient][redirect /][/formvariables][!]
> [/!][formvariables name=lastautonumner][redirect /][/formvariables][!]
> [/!][formvariables name=lastrandom][redirect /][/formvariables][!]
> [/!][formvariables name=lineitems][redirect /][/formvariables][!]
> [/!][formvariables name=listchars][redirect /][/formvariables][!]
> [/!][formvariables name=listcookies][redirect /][/formvariables][!]
> [/!][formvariables name=listdatabases][redirect /][/formvariables][!]
> [/!][formvariables name=listfields][redirect /][/formvariables][!]
> [/!][formvariables name=listfiles][redirect /][/formvariables][!]
> [/!][formvariables name=listmimeheaders][redirect /][/formvariables][!]
> [/!][formvariables name=listpath][redirect /][/formvariables][!]
> [/!][formvariables name=listvariables][redirect /][/formvariables][!]
> [/!][formvariables name=listwords][redirect /][/formvariables][!]
> [/!][formvariables name=lookup][redirect /][/formvariables][!]
> [/!][formvariables name=lookup][redirect /][/formvariables][!]
> [/!][formvariables name=loop][redirect /][/formvariables][!]
> [/!][formvariables name=lowercase][redirect /][/formvariables][!]
> [/!][formvariables name=math][redirect /][/formvariables][!]
> [/!][formvariables name=middle][redirect /][/formvariables][!]
> [/!][formvariables name=movefile][redirect /][/formvariables][!]
> [/!][formvariables name=object][redirect /][/formvariables][!]
> [/!][formvariables name=orderfile][redirect /][/formvariables][!]
> [/!][formvariables name=password][redirect /][/formvariables][!]
> [/!][formvariables name=platform][redirect /][/formvariables][!]
> [/!][formvariables name=product][redirect /][/formvariables][!]
> [/!][formvariables name=protect][redirect /][/formvariables][!]
> [/!][formvariables name=purchase][redirect /][/formvariables][!]
> [/!][formvariables name=random][redirect /][/formvariables][!]
> [/!][formvariables name=raw][redirect /][/formvariables][!]
> [/!][formvariables name=redirect][redirect /][/formvariables][!]
> [/!][formvariables name=referrer][redirect /][/formvariables][!]
> [/!][formvariables name=removehtml][redirect /][/formvariables][!]
> [/!][formvariables name=removelineitem][redirect /][/formvariables][!]
> [/!][formvariables name=replace][redirect /][/formvariables][!]
> [/!][formvariables name=replacefounditems][redirect /][/formvariables][!]
> [/!][formvariables name=return][redirect /][/formvariables][!]
> [/!][formvariables name=returnraw][redirect /][/formvariables][!]
> [/!][formvariables name=scope][redirect /][/formvariables][!]
> [/!][formvariables name=search][redirect /][/formvariables][!]
> [/!][formvariables name=sendmail][redirect /][/formvariables][!]
> [/!][formvariables name=setcookie][redirect /][/formvariables][!]
> [/!][formvariables name=setheader][redirect /][/formvariables][!]
> [/!][formvariables name=setlineitem][redirect /][/formvariables][!]
> [/!][formvariables name=setmimeheader][redirect /][/formvariables][!]
> [/!][formvariables name=shell][redirect /][/formvariables][!]
> [/!][formvariables name=showif][redirect /][/formvariables][!]
> [/!][formvariables name=shownext][redirect /][/formvariables][!]
> [/!][formvariables name=spawn][redirect /][/formvariables][!]
> [/!][formvariables name=sql][redirect /][/formvariables][!]
> [/!][formvariables name=sql][redirect /][/formvariables][!]
> [/!][formvariables name=sqlconnect][redirect /][/formvariables][!]
> [/!][formvariables name=sqldisconnect][redirect /][/formvariables][!]
> [/!][formvariables name=sqlexecute][redirect /][/formvariables][!]
> [/!][formvariables name=sqlinfo][redirect /][/formvariables][!]
> [/!][formvariables name=sqlrelease][redirect /][/formvariables][!]
> [/!][formvariables name=sqlresult][redirect /][/formvariables][!]
> [/!][formvariables name=switch][redirect /][/formvariables][!]
> [/!][formvariables name=table][redirect /][/formvariables][!]
> [/!][formvariables name=tcpconnect][redirect /][/formvariables][!]
> [/!][formvariables name=tcpsend][redirect /][/formvariables][!]
> [/!][formvariables name=text][redirect /][/formvariables][!]
> [/!][formvariables name=then][redirect /][/formvariables][!]
> [/!][formvariables name=thisurl][redirect /][/formvariables][!]
> [/!][formvariables name=time][redirect /][/formvariables][!]
> [/!][formvariables name=unurl][redirect /][/formvariables][!]
> [/!][formvariables name=uppercase][redirect /][/formvariables][!]
> [/!][formvariables name=url][redirect /][/formvariables][!]
> [/!][formvariables name=username][redirect /][/formvariables][!]
> [/!][formvariables name=validcard][redirect /][/formvariables][!]
> [/!][formvariables name=version][redirect /][/formvariables][!]
> [/!][formvariables name=version][redirect /][/formvariables][!]
> [/!][formvariables name=waitforfile][redirect /][/formvariables][!]
> [/!][formvariables name=writefile][redirect /][/formvariables][!]
> [/!][formvariables name=xmlnode][redirect /][/formvariables][!]
> [/!][formvariables name=xmlnodes][redirect /][/formvariables][!]
> [/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!]
> [/!][formvariables name=xmlparse][redirect /][/formvariables][!]
> [/!][formvariables name=xsl][redirect /][/formvariables][!]
> [/!][formvariables name=xslt][redirect /][/formvariables][!]
> [/!][!]--- END: to plug up the security hole of when URL hacker passes a webdna context name as a formvar---[/!]

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  2. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  3. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  4. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  5. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  6. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  7. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  8. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  9. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  10. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  11. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  12. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
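
A log check for the parameter-name collision described in the quoted message above, added here as an example (it is not code from the thread or from WebDNA): it scans access-log request lines for query parameters named after WebDNA contexts, including percent-encoded and mixed-case forms. The reserved-name subset, the combined log format, case-insensitive matching and the `allowed` set of a site's own legitimate parameter names are assumptions.

```python
"""Flag logged requests whose query-parameter names collide with WebDNA context names."""
import re
from urllib.parse import urlsplit, parse_qsl

# Subset of the context names listed in the message above (assumption: extend
# it with the full list from the workaround before using it on real logs).
RESERVED_NAMES = frozenset({
    "!", "if", "showif", "hideif", "include", "interpret", "shell", "dos",
    "sql", "sendmail", "writefile", "deletefile", "redirect", "search",
    "formvariables",
})

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')


def colliding_params(target, allowed=frozenset()):
    """Return the sorted reserved names used as parameter names in a request target.

    parse_qsl percent-decodes names, so "%21=1" is reported as "!".
    Names in `allowed` are parameters the site legitimately uses.
    """
    query = urlsplit(target).query
    names = set()
    for name, _value in parse_qsl(query, keep_blank_values=True):
        key = name.strip().lower()
        if key in RESERVED_NAMES and key not in allowed:
            names.add(key)
    return sorted(names)


def scan_access_log(lines, allowed=frozenset()):
    """Return (line_number, target, names) for every log line with a collision."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line this pattern understands
        target = match.group("target")
        names = colliding_params(target, allowed)
        if names:
            hits.append((lineno, target, names))
    return hits


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /page.html?aaa=bbb HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /page.html?aaa=bbb&!=x HTTP/1.1" 200 9034',
    '192.0.2.12 - - [01/Jan/2011:10:00:09 +0000] "GET /page.html?%21=1 HTTP/1.1" 200 9034',
    '192.0.2.13 - - [01/Jan/2011:10:00:12 +0000] "GET /list.html?ShowIf=1&page=2 HTTP/1.1" 200 4100',
    '192.0.2.14 - - [01/Jan/2011:10:00:15 +0000] "GET /find.html?search=shoes HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    # This sample site uses "search" as a normal parameter, so it is allowed.
    for lineno, target, names in scan_access_log(SAMPLE_LOG, allowed=frozenset({"search"})):
        print(f"line {lineno}: {target} uses reserved name(s) {names}")
```

Parameters sent in POST bodies do not appear in access logs, so this check covers only the URL form of the problem.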
