Re: [WebDNA] Date error

This WebDNA talk-list message is from 2017. It keeps the original formatting.
numero = 113633
interpreted = N
Turns out the WebDNA version is 8.1

Putting &command=showcart in the url caused problems.

Namely reporting it was version 6.2 (why that happens is beyond me)

Created problems with [DATE %Y]

I haven’t investigated any other code to determine if there are any other issues.

I guess a left over of the “fix” you referred to.

Obviously the old insecure way of putting command and the db path in the url has been outdated for many years but I guess that is what happens when you are working on someone’s old code.

Kind regards

Stuart Tremain
Pharoah Lane Software
AUSTRALIA
webdna@idfk.com.au

> On 23 Jun 2017, at 01:15, Donovan Brooke wrote:
>
> Version 6.2 had some URL vulnerabilities that were “fixed” (I use quotes because it wasn’t a graceful fix) in later versions.
>
> Donovan
>
> On Jun 21, 2017, at 5:51 PM, Stuart Tremain wrote:
>
>> It turns out that there is some code in the url that is causing WebDNA to have a problem.
>>
>> I have reported this to WebDNA.
>>
>> Kind regards
>>
>> Stuart Tremain
>> Pharoah Lane Software
>> AUSTRALIA
>> webdna@idfk.com.au
>>
>>> On 22 Jun 2017, at 02:11, Brian Fries wrote:
>>>
>>> Sounds like you’ve got a variable named “DATE” defined somewhere, overriding the [date] WebDNA tag.
>>>
>>> Could be a formvariable, text or math variable, DB field name, or an ORDERFILE header.
>>>
>>> - Brian
>>>
>>>> On Jun 20, 2017, at 11:09 PM, Stuart Tremain wrote:
>>>>
>>>> I have just come across this on a site I am working on.
>>>>
>>>> [DATE %Y] returns 06/21/2017%Y]
>>>>
>>>> I would expect it to return 2017
>>>>
>>>> WebDNA v 6.2, I don’t know what OS it is on as I don’t have access outside the sandbox but I suspect CentOS.
>>>>
>>>> Kind regards
>>>>
>>>> Stuart Tremain
>>>> Pharoah Lane Software
>>>> AUSTRALIA
>>>> webdna@idfk.com.au
>>>
>>> ---------------------------------------------------------
>>> This message is sent to you because you are subscribed to
>>> the mailing list talk@webdna.us
>>> To unsubscribe, E-mail to: talk-leave@webdna.us
>>> archives: http://www.webdna.us/page.dna?numero=55
>>> Bug Reporting: support@webdna.us

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Date error (Donovan Brooke 2017)
  2. Re: [WebDNA] Date error (Stuart Tremain 2017)
  3. Re: [WebDNA] Date error (Brian Fries 2017)
  4. Re: [WebDNA] Date error (Donovan Brooke 2017)
  5. Re: [WebDNA] Date error (Stuart Tremain 2017)
  6. Re: [WebDNA] Date error (Brian Fries 2017)
  7. [WebDNA] Date error (Stuart Tremain 2017)