Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context
This WebDNA talk-list message is from 2011
It keeps the original formatting.
numero = 107120
interpreted = N
texte = Govinda wrote:[snip]> [!]--- START: to plug up the security hole of when URL hacker passes a> webdna context name as a formvar---[/!][snip]Hi Govinda, that looks like a good solution. Since passing the "!" was causing a hang (though at least it isn't parsing anymore), I tried some other things and came up with something that still doesn't work for the "!", but is a bit shorter and perhaps slightly less CPU costly. ** note: the t_commands var should all be one line **------------------------------------[formvariables name=text][redirect url=index.html][/formvariables][text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumner|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text][formvariables][showif [t_commands]^|[url][name][/url]|][redirect url=index.html][/showif][/formvariables]------------------------------------If anyone comes up with a solution for "!" I'd be interested.-- Donovan BrookeEuca Design Center[Practical-Ethical-Efficient]www.euca.usegg.bzartglass-forum.com
Associated Messages, from the most recent to the oldest:
|
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
- [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: (Daniel Meola 2011)
|
Govinda wrote:[snip]>
[!]--- START: to plug up the security hole of when URL hacker passes a> webdna context name as a formvar---[/!][snip]Hi Govinda, that looks like a good solution. Since passing the "!" was causing a hang (though at least it isn't parsing anymore), I tried some other things and came up with something that still doesn't work for the "!", but is a bit shorter and perhaps slightly less CPU costly. ** note: the t_commands var should all be one line **------------------------------------[formvariables name=text][redirect url=index.html][/formvariables]
[text]t_commands=|
[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumner|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|return|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text]
[formvariables][showif [t_commands]^|
[url][name][/url]|][redirect url=index.html][/showif][/formvariables]------------------------------------If anyone comes up with a solution for "!" I'd be interested.-- Donovan BrookeEuca Design Center[Practical-Ethical-Efficient]www.euca.usegg.bzartglass-forum.com
Donovan Brooke
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
WebCat2: multiple currency support (1997)
Ongoing group search problems ... (1997)
Adding a product from another site (1997)
Almost a there but..bye bye NetCloak (1997)
2nd WebCatalog2 Feature Request (1996)
emailer (1997)
OT (stupid redirect/refresh question) (2002)
Who needs Yoda! (2002)
TCPConnect misbehavin' for me. (2000)
Calculating Shipping charges for multiple items andqtys > 1 (1997)
NT [delete] (1998)
Huge databases and RAM (1998)
emailer 150 (1997)
[WebDNA] Fails from http:// but works from file:/// (2009)
Can't Update records (1997)
Details of shipping - Totalqty calculations (1997)
Moment of Thanks (1997)
Re:2nd WebCatalog2 Feature Request (1996)
Caching [include] files ... (1997)
Repeating Fields (1997)