Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites

This WebDNA talk-list message is from 2010. It keeps the original formatting.
numero = 105326
interpreted = N
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  2. Re: [WebDNA] Putting '&search' into URL killing all search (Alex McCombie 2010)
  3. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  4. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  5. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  6. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  7. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  8. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  9. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  10. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Marc Thompson 2010)
  11. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  12. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  13. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  14. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  15. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  16. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  17. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Govinda 2010)
  18. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  19. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  20. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  21. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Mr. Robert Minor Jr." 2010)
  22. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  23. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  24. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Brian Fries 2010)
  25. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  26. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Kenneth Grome 2010)
  27. RE: [WebDNA] Putting '&search' into URL killing all search contexts on my sites ("Olin Lagon" 2010)
  28. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  29. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  30. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Donovan Brooke 2010)
  31. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Stuart Tremain 2010)
  32. Re: [WebDNA] Putting '&search' into URL killing all search contexts (Tom Duke 2010)
  33. Re: [WebDNA] Putting '&search' into URL killing all search contexts on my sites (christophe.billiottet@webdna.us 2010)
  34. [WebDNA] Putting '&search' into URL killing all search contexts on my sites (Tom Duke 2010)
Note this bug has existed for years. It took 6 years to find it :-)

- chris

On Jun 14, 2010, at 20:59, Stuart Tremain wrote:

> Oh thanks .... NOT :(
>
> Regards
>
> Stuart Tremain
> IDFK Web Developments
> AUSTRALIA
> webdna@idfk.com.au
>
> On 15/06/2010, at 9:55 AM, Donovan Brooke wrote:
>
>> Stuart Tremain wrote:
>>> I can't replicate that on my sites served from IIS.
>>> Regards
>>> Stuart Tremain
>>> IDFK Web Developments
>>> AUSTRALIA
>>> webdna@idfk.com.au
>>
>> http://www.idfk.com.au/ourwork.html?search=
>>
>> It's a bug we should not talk much about publicly.
>> The scope of the compromise is definitely limited and depends on
>> how one codes their site.. but, as developers, we don't want to spread
>> the awareness if we can help it.
>>
>> I would guess that for most of you and the way you code, your sensitive
>> content is safe. If you are really concerned/paranoid, I can offer to run some quick tests (when time permits) on a few key templates to let you know if I can see any concerns. I don't work for WSC anymore, but
>> this was a bug I put on the list quite some time ago.
>>
>> I suggest this be the last public post about this for the good
>> of all of us.
>>
>> Donovan
>>
>> --
>> Donovan Brooke
>> Euca Design Center
>> [Practical-Ethical-Efficient]
>> www.euca.us
>> egg.bz
>> artglass-forum.com
>> ---------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> archives: http://mail.webdna.us/list/talk@webdna.us
>> old archives: http://dev.webdna.us/TalkListArchive/
>> Bug Reporting: http://forum.webdna.us/eucabb.html?page=topics&category=288

christophe.billiottet@webdna.us
