Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile]

This WebDNA talk-list message is from

2011


It keeps the original formatting.
numero = 107116
interpreted = N
texte = --bcaec5015f2b4aaf0004a9216912 Content-Type: text/plain; charset=ISO-8859-1 Unfortunately we are very reliant on the old e-commerce tags as you suspected so upgrading to v7 will be a long ways off. We are doing some troubleshooting to see how our server filled to capacity so quickly but it has at least temporarily been fixed by removing some old files. I really appreciate the code you sent- we are implementing this immediately. Thanks! Daniel Meola 301-486-0901 daniel@knifecenter.com On Thu, Jul 28, 2011 at 9:39 AM, Govinda wrote: > Hi Daniel > > I noticed in a google search for our error that one of the indexed urls > had &!=1 at the end of it, causing the entire page to break. > This also breaks webdna.us when added to the end of URLs. > > > The original issue you asked about (suddenly failing orders) sounds like > something got corrupted.. which I am not addressing here.. but this ^^^ is a > known bug in webdna ... before version 7. If you pass the name of a webdna > context as though it were a URL/form-variable (for example the comment > context, e.g. "page.html?aaa=bbb&!=x", then it sticks in "x" in place of all > the "[!]"'s on your page! ...Thus breaking all the comment tags... and > exposing code you meant to have commented out! Obviously this is a really > dangerous bug. The solution (if you cannot or should not upgrade to version > 7.. and here I am guessing you will not want to.. on account of your using > the old built-in e-commerce tags (?)) is to use code such as this in your > pre-parse script.. (or else in an include you place at the top of every > page) : > (you can make the [redirect] redirect to wherever you want.. here it goes > to the default/home page.) > > > [!]--- START: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!][!] > [/!][formvariables name=!][redirect /][/formvariables][!] > [/!][formvariables name=addfields][redirect /][/formvariables][!] > [/!][formvariables name=addlineitem][redirect /][/formvariables][!] > [/!][formvariables name=append][redirect /][/formvariables][!] > [/!][formvariables name=appendfile][redirect /][/formvariables][!] > [/!][formvariables name=applescript][redirect /][/formvariables][!] > [/!][formvariables name=arrayget][redirect /][/formvariables][!] > [/!][formvariables name=arrayset][redirect /][/formvariables][!] > [/!][formvariables name=authenticate][redirect /][/formvariables][!] > [/!][formvariables name=boldwords][redirect /][/formvariables][!] > [/!][formvariables name=browsername][redirect /][/formvariables][!] > [/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!] > [/!][formvariables name=capitalize][redirect /][/formvariables][!] > [/!][formvariables name=cart][redirect /][/formvariables][!] > [/!][formvariables name=case][redirect /][/formvariables][!] > [/!][formvariables name=clearlineitems][redirect /][/formvariables][!] > [/!][formvariables name=closedatabase][redirect /][/formvariables][!] > [/!][formvariables name=command][redirect /][/formvariables][!] > [/!][formvariables name=commitdatabase][redirect /][/formvariables][!] > [/!][formvariables name=convertchars][redirect /][/formvariables][!] > [/!][formvariables name=convertwords][redirect /][/formvariables][!] > [/!][formvariables name=copyfile][redirect /][/formvariables][!] > [/!][formvariables name=copyfolder][redirect /][/formvariables][!] > [/!][formvariables name=countchars][redirect /][/formvariables][!] > [/!][formvariables name=countwords][redirect /][/formvariables][!] > [/!][formvariables name=createfolder][redirect /][/formvariables][!] > [/!][formvariables name=date][redirect /][/formvariables][!] > [/!][formvariables name=ddeconnect][redirect /][/formvariables][!] > [/!][formvariables name=ddesend][redirect /][/formvariables][!] > [/!][formvariables name=decrypt][redirect /][/formvariables][!] > [/!][formvariables name=delete][redirect /][/formvariables][!] > [/!][formvariables name=deletefile][redirect /][/formvariables][!] > [/!][formvariables name=deletefolder][redirect /][/formvariables][!] > [/!][formvariables name=dos][redirect /][/formvariables][!] > [/!][formvariables name=elapsedtime][redirect /][/formvariables][!] > [/!][formvariables name=else][redirect /][/formvariables][!] > [/!][formvariables name=encrypt][redirect /][/formvariables][!] > [/!][formvariables name=exclusivelock][redirect /][/formvariables][!] > [/!][formvariables name=filecompare][redirect /][/formvariables][!] > [/!][formvariables name=fileinfo][redirect /][/formvariables][!] > [/!][formvariables name=findstring][redirect /][/formvariables][!] > [/!][formvariables name=flushcache][redirect /][/formvariables][!] > [/!][formvariables name=flushdatabases][redirect /][/formvariables][!] > [/!][formvariables name=format][redirect /][/formvariables][!] > [/!][formvariables name=format][redirect /][/formvariables][!] > [/!][formvariables name=formvariables][redirect /][/formvariables][!] > [/!][formvariables name=founditems][redirect /][/formvariables][!] > [/!][formvariables name=freememory][redirect /][/formvariables][!] > [/!][formvariables name=function][redirect /][/formvariables][!] > [/!][formvariables name=getchars][redirect /][/formvariables][!] > [/!][formvariables name=getcookie][redirect /][/formvariables][!] > [/!][formvariables name=getmimeheader][redirect /][/formvariables][!] > [/!][formvariables name=grep][redirect /][/formvariables][!] > [/!][formvariables name=hideif][redirect /][/formvariables][!] > [/!][formvariables name=html1][redirect /][/formvariables][!] > [/!][formvariables name=html2][redirect /][/formvariables][!] > [/!][formvariables name=html3][redirect /][/formvariables][!] > [/!][formvariables name=httpmethod][redirect /][/formvariables][!] > [/!][formvariables name=if][redirect /][/formvariables][!] > [/!][formvariables name=include][redirect /][/formvariables][!] > [/!][formvariables name=input][redirect /][/formvariables][!] > [/!][formvariables name=interpret][redirect /][/formvariables][!] > [/!][formvariables name=ipaddress][redirect /][/formvariables][!] > [/!][formvariables name=issecureclient][redirect /][/formvariables][!] > [/!][formvariables name=lastautonumner][redirect /][/formvariables][!] > [/!][formvariables name=lastrandom][redirect /][/formvariables][!] > [/!][formvariables name=lineitems][redirect /][/formvariables][!] > [/!][formvariables name=listchars][redirect /][/formvariables][!] > [/!][formvariables name=listcookies][redirect /][/formvariables][!] > [/!][formvariables name=listdatabases][redirect /][/formvariables][!] > [/!][formvariables name=listfields][redirect /][/formvariables][!] > [/!][formvariables name=listfiles][redirect /][/formvariables][!] > [/!][formvariables name=listmimeheaders][redirect /][/formvariables][!] > [/!][formvariables name=listpath][redirect /][/formvariables][!] > [/!][formvariables name=listvariables][redirect /][/formvariables][!] > [/!][formvariables name=listwords][redirect /][/formvariables][!] > [/!][formvariables name=lookup][redirect /][/formvariables][!] > [/!][formvariables name=lookup][redirect /][/formvariables][!] > [/!][formvariables name=loop][redirect /][/formvariables][!] > [/!][formvariables name=lowercase][redirect /][/formvariables][!] > [/!][formvariables name=math][redirect /][/formvariables][!] > [/!][formvariables name=middle][redirect /][/formvariables][!] > [/!][formvariables name=movefile][redirect /][/formvariables][!] > [/!][formvariables name=object][redirect /][/formvariables][!] > [/!][formvariables name=orderfile][redirect /][/formvariables][!] > [/!][formvariables name=password][redirect /][/formvariables][!] > [/!][formvariables name=platform][redirect /][/formvariables][!] > [/!][formvariables name=product][redirect /][/formvariables][!] > [/!][formvariables name=protect][redirect /][/formvariables][!] > [/!][formvariables name=purchase][redirect /][/formvariables][!] > [/!][formvariables name=random][redirect /][/formvariables][!] > [/!][formvariables name=raw][redirect /][/formvariables][!] > [/!][formvariables name=redirect][redirect /][/formvariables][!] > [/!][formvariables name=referrer][redirect /][/formvariables][!] > [/!][formvariables name=removehtml][redirect /][/formvariables][!] > [/!][formvariables name=removelineitem][redirect /][/formvariables][!] > [/!][formvariables name=replace][redirect /][/formvariables][!] > [/!][formvariables name=replacefounditems][redirect /][/formvariables][!] > [/!][formvariables name=return][redirect /][/formvariables][!] > [/!][formvariables name=returnraw][redirect /][/formvariables][!] > [/!][formvariables name=scope][redirect /][/formvariables][!] > [/!][formvariables name=search][redirect /][/formvariables][!] > [/!][formvariables name=sendmail][redirect /][/formvariables][!] > [/!][formvariables name=setcookie][redirect /][/formvariables][!] > [/!][formvariables name=setheader][redirect /][/formvariables][!] > [/!][formvariables name=setlineitem][redirect /][/formvariables][!] > [/!][formvariables name=setmimeheader][redirect /][/formvariables][!] > [/!][formvariables name=shell][redirect /][/formvariables][!] > [/!][formvariables name=showif][redirect /][/formvariables][!] > [/!][formvariables name=shownext][redirect /][/formvariables][!] > [/!][formvariables name=spawn][redirect /][/formvariables][!] > [/!][formvariables name=sql][redirect /][/formvariables][!] > [/!][formvariables name=sql][redirect /][/formvariables][!] > [/!][formvariables name=sqlconnect][redirect /][/formvariables][!] > [/!][formvariables name=sqldisconnect][redirect /][/formvariables][!] > [/!][formvariables name=sqlexecute][redirect /][/formvariables][!] > [/!][formvariables name=sqlinfo][redirect /][/formvariables][!] > [/!][formvariables name=sqlrelease][redirect /][/formvariables][!] > [/!][formvariables name=sqlresult][redirect /][/formvariables][!] > [/!][formvariables name=switch][redirect /][/formvariables][!] > [/!][formvariables name=table][redirect /][/formvariables][!] > [/!][formvariables name=tcpconnect][redirect /][/formvariables][!] > [/!][formvariables name=tcpsend][redirect /][/formvariables][!] > [/!][formvariables name=text][redirect /][/formvariables][!] > [/!][formvariables name=then][redirect /][/formvariables][!] > [/!][formvariables name=thisurl][redirect /][/formvariables][!] > [/!][formvariables name=time][redirect /][/formvariables][!] > [/!][formvariables name=unurl][redirect /][/formvariables][!] > [/!][formvariables name=uppercase][redirect /][/formvariables][!] > [/!][formvariables name=url][redirect /][/formvariables][!] > [/!][formvariables name=username][redirect /][/formvariables][!] > [/!][formvariables name=validcard][redirect /][/formvariables][!] > [/!][formvariables name=version][redirect /][/formvariables][!] > [/!][formvariables name=version][redirect /][/formvariables][!] > [/!][formvariables name=waitforfile][redirect /][/formvariables][!] > [/!][formvariables name=writefile][redirect /][/formvariables][!] > [/!][formvariables name=xmlnode][redirect /][/formvariables][!] > [/!][formvariables name=xmlnodes][redirect /][/formvariables][!] > [/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!] > [/!][formvariables name=xmlparse][redirect /][/formvariables][!] > [/!][formvariables name=xsl][redirect /][/formvariables][!] > [/!][formvariables name=xslt][redirect /][/formvariables][!] > [/!][!]--- END: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!] > > --------------------------------------------------------- This message is > sent to you because you are subscribed to the mailing list **. To > unsubscribe, E-mail to: ** archives: > http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --bcaec5015f2b4aaf0004a9216912 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Unfortunately we are very reliant on the old e-commerce tags as you suspect= ed so upgrading to v7 will be a long ways off. We are doing some troublesho= oting to see how our server filled to capacity so quickly but it has at lea= st temporarily been fixed by removing some old files.

I really appreciate the code you sent- we are implementing t= his immediately.

Thanks!
Daniel Meola
301-486-0= 901
daniel@knifecenter.com
<= br>

On Thu, Jul 28, 2011 at 9:39 AM, Govinda= <govi= nda.webdnatalk@gmail.com> wrote:
Hi Daniel

I noticed in a google search for our error= that one of the indexed urls had=A0&!=3D1 at the end of it, causing th= e entire page to break.=A0
This also breaks webdn= a.us when added to the end of URLs.=A0

The original is= sue you asked about (suddenly failing orders) sounds like something got cor= rupted.. which I am not addressing here.. but this ^^^ is a known bug in we= bdna ... before version 7. =A0If you pass the name of a webdna context as t= hough it were a URL/form-variable (for example the comment context, e.g. &q= uot;page.html?aaa=3Dbbb&!=3Dx", then it sticks in "x" in= place of all the "[!]"'s on your page! =A0...Thus breaking a= ll the comment tags... =A0and exposing code you meant to have commented out= ! =A0Obviously this is a really dangerous bug. =A0The solution (if you cann= ot or should not upgrade to version 7.. and here I am guessing you will not= want to.. on account of your using the old built-in e-commerce tags (?)) = =A0is to use code such as this in your pre-parse script.. (or else in an in= clude you place at the top of every page) :
(you can make the [redirect] redirect to wherever you want.. =A0here i= t goes to the default/home page.)


<= div>[!]--- START: to plug up the security hole of when URL hacker passes a = webdna context name as a formvar---[/!][!]
[/!][formvariables name=3D!][redirect /][/formvariables][!]
= [/!][formvariables name=3Daddfields][redirect /][/formvariables][!]
[/!][formvariables name=3Daddlineitem][redirect /][/formvariables][!]
[/!][formvariables name=3Dappend][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dappendfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dapplescript][redirect /][/formvariables]= [!]
[/!][formvariables name=3Darrayget][redirect /][/formvariables][!]
[/!][formvariables name=3Darrayset][redirect /][/formvariables][!]
[/!][formvariables name=3Dauthenticate][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dboldwords][redirect /][/formvariables][!]
[/!][formvariables name=3Dbrowsername][redirect /][/formvariables][= !]
[/!][formvariables name=3Dcalcfilecrc32][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dcapitalize][redirect /][/formvariables][!]
[/!][formvariables name=3Dcart][redirect /][/formvariables][!]
[/!][formvariables name=3Dcase][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dclearlineitems][redirect /][/formvariables][!]
[/!][formvariables name=3Dclosedatabase][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dcommand][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dcommitdatabase][redirect /][/formvariables][= !]
[/!][formvariables name=3Dconvertchars][redirect /][/formvaria= bles][!]
[/!][formvariables name=3Dconvertwords][redirect /][/for= mvariables][!]
[/!][formvariables name=3Dcopyfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dcopyfolder][redirect /][/formvariables][!]=
[/!][formvariables name=3Dcountchars][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dcountwords][redirect /][/formvariables][!]
[/!][formvariables name=3Dcreatefolder][redirect /][/formvariables= ][!]
[/!][formvariables name=3Ddate][redirect /][/formvariables][= !]
[/!][formvariables name=3Dddeconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dddesend][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Ddecrypt][redirect /][/formvariables][!]=
[/!][formvariables name=3Ddelete][redirect /][/formvariables][!]
=
[/!][formvariables name=3Ddeletefile][redirect /][/formvariables][!]
[/!][formvariables name=3Ddeletefolder][redirect /][/formvariables= ][!]
[/!][formvariables name=3Ddos][redirect /][/formvariables][!]
[/!][formvariables name=3Delapsedtime][redirect /][/formvariables][!]
[/!][formvariables name=3Delse][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dencrypt][redirect /][/formvariables][!]
[/!][formvariables name=3Dexclusivelock][redirect /][/formvariables][!]
[/!][formvariables name=3Dfilecompare][redirect /][/formvariables][= !]
[/!][formvariables name=3Dfileinfo][redirect /][/formvariables][!]
[/!][formvariables name=3Dfindstring][redirect /][/formvariables][!]=
[/!][formvariables name=3Dflushcache][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dflushdatabases][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformat][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformat][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformvariables][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dfounditems][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dfreememory][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dfunction][redirect /][/formvariables][!]
[/!][formvariables name=3Dgetchars][redirect /][/formvariables][!]
[/!][formvariables name=3Dgetcookie][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dgetmimeheader][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dgrep][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dhideif][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dhtml1][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dhtml2][redirect /][/formvariables][!]
[/!][formvariables name=3Dhtml3][redirect /][/formvariables][!]
[/!][formvariables name=3Dhttpmethod][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dif][redirect /][/formvariables][!]
= [/!][formvariables name=3Dinclude][redirect /][/formvariables][!]
[/!][formvariables name=3Dinput][redirect /][/formvariables][!]
[/!][formvariables name=3Dinterpret][redirect /][/formvariables][!]
[/!][formvariables name=3Dipaddress][redirect /][/formvariables][!]=
[/!][formvariables name=3Dissecureclient][redirect /][/formvaria= bles][!]
[/!][formvariables name=3Dlastautonumner][redirect /][/formvariables][= !]
[/!][formvariables name=3Dlastrandom][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dlineitems][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dlistchars][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistcookies][redirect /][/formvariables][= !]
[/!][formvariables name=3Dlistdatabases][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dlistfields][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistfiles][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dlistmimeheaders][redirect /][/formvar= iables][!]
[/!][formvariables name=3Dlistpath][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistvariables][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dlistwords][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dlookup][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dlookup][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dloop][redirect /][/formvariables][!]
[/!][formvariables name=3Dlowercase][redirect /][/formvariables][!]
[/!][formvariables name=3Dmath][redirect /][/formvariables][!]
[/!][formvariables name=3Dmiddle][redirect /][/formvariables][!]
[/!][formvariables name=3Dmovefile][redirect /][/formvariables][!]
[/!][formvariables name=3Dobject][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dorderfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dpassword][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dplatform][redirect /][/formvariables][!]
[/!][formvariables name=3Dproduct][redirect /][/formvariables][!]
[/!][formvariables name=3Dprotect][redirect /][/formvariables][!]
[/!][formvariables name=3Dpurchase][redirect /][/formvariables][!]
[/!][formvariables name=3Drandom][redirect /][/formvariables][!]
[/!][formvariables name=3Draw][redirect /][/formvariables][!]
<= div> [/!][formvariables name=3Dredirect][redirect /][/formvariables][!]
[/!][formvariables name=3Dreferrer][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dremovehtml][redirect /][/formvariables][!]
[/!][formvariables name=3Dremovelineitem][redirect /][/formvariables][= !]
[/!][formvariables name=3Dreplace][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dreplacefounditems][redirect /][/for= mvariables][!]
[/!][formvariables name=3Dreturn][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dreturnraw][redirect /][/formvariables][!]
[/!][formvariables name=3Dscope][redirect /][/formvariables][!]
[/!][formvariables name=3Dsearch][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dsendmail][redirect /][/formvariables][!]
[/!][formvariables name=3Dsetcookie][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dsetheader][redirect /][/formvariables][!]
[/!][formvariables name=3Dsetlineitem][redirect /][/formvariables][= !]
[/!][formvariables name=3Dsetmimeheader][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dshell][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dshowif][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dshownext][redirect /][/formvariables][!]
[/!][formvariables name=3Dspawn][redirect /][/formvariables][!]
[= /!][formvariables name=3Dsql][redirect /][/formvariables][!]
[/!]= [formvariables name=3Dsql][redirect /][/formvariables][!]
[/!][fo= rmvariables name=3Dsqlconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dsqldisconnect][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dsqlexecute][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dsqlinfo][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dsqlrelease][redirect /][/formvariables][!]
[/!][formvariables name=3Dsqlresult][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dswitch][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dtable][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dtcpconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dtcpsend][redirect /][/formvariables][!]
[/!][formvariables name=3Dtext][redirect /][/formvariables][!]
[/!][formvariables name=3Dthen][redirect /][/formvariables][!]
[/!][formvariables name=3Dthisurl][redirect /][/formvariables][!]
[/!][formvariables name=3Dtime][redirect /][/formvariables][!]
[/= !][formvariables name=3Dunurl][redirect /][/formvariables][!]
[/!= ][formvariables name=3Duppercase][redirect /][/formvariables][!]
= [/!][formvariables name=3Durl][redirect /][/formvariables][!]
[/!][formvariables name=3Dusername][redirect /][/formvariables][!]
[/!][formvariables name=3Dvalidcard][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dversion][redirect /][/formvariables][!]=
[/!][formvariables name=3Dversion][redirect /][/formvariables][!]
[/!][formvariables name=3Dwaitforfile][redirect /][/formvariables][!]=
[/!][formvariables name=3Dwritefile][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dxmlnode][redirect /][/formvariables][!]
[/!][formvariables name=3Dxmlnodes][redirect /][/formvariables][!]
[/!][formvariables name=3Dxmlnodesattributes][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dxmlparse][redirect /][/formvariables][!]
[/!][formvariables name=3Dxsl][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dxslt][redirect /][/formvariables][!]
[/!][!]--- END: to plug up the security hole of when URL hacker passes a we= bdna context name as a formvar---[/!]

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: suppo= rt@webdna.us

--bcaec5015f2b4aaf0004a9216912-- Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  2. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  3. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  4. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  5. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  6. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  7. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  8. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  9. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  10. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Tom Duke 2011)
  11. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  12. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  13. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  14. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  15. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  16. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  17. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  18. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  19. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  20. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] (Daniel Meola 2011)
  21. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  22. [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: (Daniel Meola 2011)
--bcaec5015f2b4aaf0004a9216912 Content-Type: text/plain; charset=ISO-8859-1 Unfortunately we are very reliant on the old e-commerce tags as you suspected so upgrading to v7 will be a long ways off. We are doing some troubleshooting to see how our server filled to capacity so quickly but it has at least temporarily been fixed by removing some old files. I really appreciate the code you sent- we are implementing this immediately. Thanks! Daniel Meola 301-486-0901 daniel@knifecenter.com On Thu, Jul 28, 2011 at 9:39 AM, Govinda wrote: > Hi Daniel > > I noticed in a google search for our error that one of the indexed urls > had &!=1 at the end of it, causing the entire page to break. > This also breaks webdna.us when added to the end of URLs. > > > The original issue you asked about (suddenly failing orders) sounds like > something got corrupted.. which I am not addressing here.. but this ^^^ is a > known bug in webdna ... before version 7. If you pass the name of a webdna > context as though it were a URL/form-variable (for example the comment > context, e.g. "page.html?aaa=bbb&!=x", then it sticks in "x" in place of all > the "[!]"'s on your page! ...Thus breaking all the comment tags... and > exposing code you meant to have commented out! Obviously this is a really > dangerous bug. The solution (if you cannot or should not upgrade to version > 7.. and here I am guessing you will not want to.. on account of your using > the old built-in e-commerce tags (?)) is to use code such as this in your > pre-parse script.. (or else in an include you place at the top of every > page) : > (you can make the [redirect] redirect to wherever you want.. here it goes > to the default/home page.) > > > [!]--- START: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!][!] > [/!][formvariables name=!][redirect /][/formvariables][!] > [/!][formvariables name=addfields][redirect /][/formvariables][!] > [/!][formvariables name=addlineitem][redirect /][/formvariables][!] > [/!][formvariables name=append][redirect /][/formvariables][!] > [/!][formvariables name=appendfile][redirect /][/formvariables][!] > [/!][formvariables name=applescript][redirect /][/formvariables][!] > [/!][formvariables name=arrayget][redirect /][/formvariables][!] > [/!][formvariables name=arrayset][redirect /][/formvariables][!] > [/!][formvariables name=authenticate][redirect /][/formvariables][!] > [/!][formvariables name=boldwords][redirect /][/formvariables][!] > [/!][formvariables name=browsername][redirect /][/formvariables][!] > [/!][formvariables name=calcfilecrc32][redirect /][/formvariables][!] > [/!][formvariables name=capitalize][redirect /][/formvariables][!] > [/!][formvariables name=cart][redirect /][/formvariables][!] > [/!][formvariables name=case][redirect /][/formvariables][!] > [/!][formvariables name=clearlineitems][redirect /][/formvariables][!] > [/!][formvariables name=closedatabase][redirect /][/formvariables][!] > [/!][formvariables name=command][redirect /][/formvariables][!] > [/!][formvariables name=commitdatabase][redirect /][/formvariables][!] > [/!][formvariables name=convertchars][redirect /][/formvariables][!] > [/!][formvariables name=convertwords][redirect /][/formvariables][!] > [/!][formvariables name=copyfile][redirect /][/formvariables][!] > [/!][formvariables name=copyfolder][redirect /][/formvariables][!] > [/!][formvariables name=countchars][redirect /][/formvariables][!] > [/!][formvariables name=countwords][redirect /][/formvariables][!] > [/!][formvariables name=createfolder][redirect /][/formvariables][!] > [/!][formvariables name=date][redirect /][/formvariables][!] > [/!][formvariables name=ddeconnect][redirect /][/formvariables][!] > [/!][formvariables name=ddesend][redirect /][/formvariables][!] > [/!][formvariables name=decrypt][redirect /][/formvariables][!] > [/!][formvariables name=delete][redirect /][/formvariables][!] > [/!][formvariables name=deletefile][redirect /][/formvariables][!] > [/!][formvariables name=deletefolder][redirect /][/formvariables][!] > [/!][formvariables name=dos][redirect /][/formvariables][!] > [/!][formvariables name=elapsedtime][redirect /][/formvariables][!] > [/!][formvariables name=else][redirect /][/formvariables][!] > [/!][formvariables name=encrypt][redirect /][/formvariables][!] > [/!][formvariables name=exclusivelock][redirect /][/formvariables][!] > [/!][formvariables name=filecompare][redirect /][/formvariables][!] > [/!][formvariables name=fileinfo][redirect /][/formvariables][!] > [/!][formvariables name=findstring][redirect /][/formvariables][!] > [/!][formvariables name=flushcache][redirect /][/formvariables][!] > [/!][formvariables name=flushdatabases][redirect /][/formvariables][!] > [/!][formvariables name=format][redirect /][/formvariables][!] > [/!][formvariables name=format][redirect /][/formvariables][!] > [/!][formvariables name=formvariables][redirect /][/formvariables][!] > [/!][formvariables name=founditems][redirect /][/formvariables][!] > [/!][formvariables name=freememory][redirect /][/formvariables][!] > [/!][formvariables name=function][redirect /][/formvariables][!] > [/!][formvariables name=getchars][redirect /][/formvariables][!] > [/!][formvariables name=getcookie][redirect /][/formvariables][!] > [/!][formvariables name=getmimeheader][redirect /][/formvariables][!] > [/!][formvariables name=grep][redirect /][/formvariables][!] > [/!][formvariables name=hideif][redirect /][/formvariables][!] > [/!][formvariables name=html1][redirect /][/formvariables][!] > [/!][formvariables name=html2][redirect /][/formvariables][!] > [/!][formvariables name=html3][redirect /][/formvariables][!] > [/!][formvariables name=httpmethod][redirect /][/formvariables][!] > [/!][formvariables name=if][redirect /][/formvariables][!] > [/!][formvariables name=include][redirect /][/formvariables][!] > [/!][formvariables name=input][redirect /][/formvariables][!] > [/!][formvariables name=interpret][redirect /][/formvariables][!] > [/!][formvariables name=ipaddress][redirect /][/formvariables][!] > [/!][formvariables name=issecureclient][redirect /][/formvariables][!] > [/!][formvariables name=lastautonumner][redirect /][/formvariables][!] > [/!][formvariables name=lastrandom][redirect /][/formvariables][!] > [/!][formvariables name=lineitems][redirect /][/formvariables][!] > [/!][formvariables name=listchars][redirect /][/formvariables][!] > [/!][formvariables name=listcookies][redirect /][/formvariables][!] > [/!][formvariables name=listdatabases][redirect /][/formvariables][!] > [/!][formvariables name=listfields][redirect /][/formvariables][!] > [/!][formvariables name=listfiles][redirect /][/formvariables][!] > [/!][formvariables name=listmimeheaders][redirect /][/formvariables][!] > [/!][formvariables name=listpath][redirect /][/formvariables][!] > [/!][formvariables name=listvariables][redirect /][/formvariables][!] > [/!][formvariables name=listwords][redirect /][/formvariables][!] > [/!][formvariables name=lookup][redirect /][/formvariables][!] > [/!][formvariables name=lookup][redirect /][/formvariables][!] > [/!][formvariables name=loop][redirect /][/formvariables][!] > [/!][formvariables name=lowercase][redirect /][/formvariables][!] > [/!][formvariables name=math][redirect /][/formvariables][!] > [/!][formvariables name=middle][redirect /][/formvariables][!] > [/!][formvariables name=movefile][redirect /][/formvariables][!] > [/!][formvariables name=object][redirect /][/formvariables][!] > [/!][formvariables name=orderfile][redirect /][/formvariables][!] > [/!][formvariables name=password][redirect /][/formvariables][!] > [/!][formvariables name=platform][redirect /][/formvariables][!] > [/!][formvariables name=product][redirect /][/formvariables][!] > [/!][formvariables name=protect][redirect /][/formvariables][!] > [/!][formvariables name=purchase][redirect /][/formvariables][!] > [/!][formvariables name=random][redirect /][/formvariables][!] > [/!][formvariables name=raw][redirect /][/formvariables][!] > [/!][formvariables name=redirect][redirect /][/formvariables][!] > [/!][formvariables name=referrer][redirect /][/formvariables][!] > [/!][formvariables name=removehtml][redirect /][/formvariables][!] > [/!][formvariables name=removelineitem][redirect /][/formvariables][!] > [/!][formvariables name=replace][redirect /][/formvariables][!] > [/!][formvariables name=replacefounditems][redirect /][/formvariables][!] > [/!][formvariables name=return][redirect /][/formvariables][!] > [/!][formvariables name=returnraw][redirect /][/formvariables][!] > [/!][formvariables name=scope][redirect /][/formvariables][!] > [/!][formvariables name=search][redirect /][/formvariables][!] > [/!][formvariables name=sendmail][redirect /][/formvariables][!] > [/!][formvariables name=setcookie][redirect /][/formvariables][!] > [/!][formvariables name=setheader][redirect /][/formvariables][!] > [/!][formvariables name=setlineitem][redirect /][/formvariables][!] > [/!][formvariables name=setmimeheader][redirect /][/formvariables][!] > [/!][formvariables name=shell][redirect /][/formvariables][!] > [/!][formvariables name=showif][redirect /][/formvariables][!] > [/!][formvariables name=shownext][redirect /][/formvariables][!] > [/!][formvariables name=spawn][redirect /][/formvariables][!] > [/!][formvariables name=sql][redirect /][/formvariables][!] > [/!][formvariables name=sql][redirect /][/formvariables][!] > [/!][formvariables name=sqlconnect][redirect /][/formvariables][!] > [/!][formvariables name=sqldisconnect][redirect /][/formvariables][!] > [/!][formvariables name=sqlexecute][redirect /][/formvariables][!] > [/!][formvariables name=sqlinfo][redirect /][/formvariables][!] > [/!][formvariables name=sqlrelease][redirect /][/formvariables][!] > [/!][formvariables name=sqlresult][redirect /][/formvariables][!] > [/!][formvariables name=switch][redirect /][/formvariables][!] > [/!][formvariables name=table][redirect /][/formvariables][!] > [/!][formvariables name=tcpconnect][redirect /][/formvariables][!] > [/!][formvariables name=tcpsend][redirect /][/formvariables][!] > [/!][formvariables name=text][redirect /][/formvariables][!] > [/!][formvariables name=then][redirect /][/formvariables][!] > [/!][formvariables name=thisurl][redirect /][/formvariables][!] > [/!][formvariables name=time][redirect /][/formvariables][!] > [/!][formvariables name=unurl][redirect /][/formvariables][!] > [/!][formvariables name=uppercase][redirect /][/formvariables][!] > [/!][formvariables name=url][redirect /][/formvariables][!] > [/!][formvariables name=username][redirect /][/formvariables][!] > [/!][formvariables name=validcard][redirect /][/formvariables][!] > [/!][formvariables name=version][redirect /][/formvariables][!] > [/!][formvariables name=version][redirect /][/formvariables][!] > [/!][formvariables name=waitforfile][redirect /][/formvariables][!] > [/!][formvariables name=writefile][redirect /][/formvariables][!] > [/!][formvariables name=xmlnode][redirect /][/formvariables][!] > [/!][formvariables name=xmlnodes][redirect /][/formvariables][!] > [/!][formvariables name=xmlnodesattributes][redirect /][/formvariables][!] > [/!][formvariables name=xmlparse][redirect /][/formvariables][!] > [/!][formvariables name=xsl][redirect /][/formvariables][!] > [/!][formvariables name=xslt][redirect /][/formvariables][!] > [/!][!]--- END: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!] > > --------------------------------------------------------- This message is > sent to you because you are subscribed to the mailing list **. To > unsubscribe, E-mail to: ** archives: > http://mail.webdna.us/list/talk@webdna.us Bug Reporting: support@webdna.us --bcaec5015f2b4aaf0004a9216912 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Unfortunately we are very reliant on the old e-commerce tags as you suspect= ed so upgrading to v7 will be a long ways off. We are doing some troublesho= oting to see how our server filled to capacity so quickly but it has at lea= st temporarily been fixed by removing some old files.

I really appreciate the code you sent- we are implementing t= his immediately.

Thanks!
Daniel Meola
301-486-0= 901
<= br>

On Thu, Jul 28, 2011 at 9:39 AM, Govinda= <govi= nda.webdnatalk@gmail.com> wrote:
Hi Daniel

I noticed in a google search for our error= that one of the indexed urls had=A0&!=3D1 at the end of it, causing th= e entire page to break.=A0
This also breaks webdn= a.us when added to the end of URLs.=A0

The original is= sue you asked about (suddenly failing orders) sounds like something got cor= rupted.. which I am not addressing here.. but this ^^^ is a known bug in we= bdna ... before version 7. =A0If you pass the name of a webdna context as t= hough it were a URL/form-variable (for example the comment context, e.g. &q= uot;page.html?aaa=3Dbbb&!=3Dx", then it sticks in "x" in= place of all the "[!]"'s on your page! =A0...Thus breaking a= ll the comment tags... =A0and exposing code you meant to have commented out= ! =A0Obviously this is a really dangerous bug. =A0The solution (if you cann= ot or should not upgrade to version 7.. and here I am guessing you will not= want to.. on account of your using the old built-in e-commerce tags (?)) = =A0is to use code such as this in your pre-parse script.. (or else in an in= clude you place at the top of every page) :
(you can make the [redirect] redirect to wherever you want.. =A0here i= t goes to the default/home page.)


<= div>[!]--- START: to plug up the security hole of when URL hacker passes a = webdna context name as a formvar---[/!][!]
[/!][formvariables name=3D!][redirect /][/formvariables][!]
= [/!][formvariables name=3Daddfields][redirect /][/formvariables][!]
[/!][formvariables name=3Daddlineitem][redirect /][/formvariables][!]
[/!][formvariables name=3Dappend][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dappendfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dapplescript][redirect /][/formvariables]= [!]
[/!][formvariables name=3Darrayget][redirect /][/formvariables][!]
[/!][formvariables name=3Darrayset][redirect /][/formvariables][!]
[/!][formvariables name=3Dauthenticate][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dboldwords][redirect /][/formvariables][!]
[/!][formvariables name=3Dbrowsername][redirect /][/formvariables][= !]
[/!][formvariables name=3Dcalcfilecrc32][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dcapitalize][redirect /][/formvariables][!]
[/!][formvariables name=3Dcart][redirect /][/formvariables][!]
[/!][formvariables name=3Dcase][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dclearlineitems][redirect /][/formvariables][!]
[/!][formvariables name=3Dclosedatabase][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dcommand][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dcommitdatabase][redirect /][/formvariables][= !]
[/!][formvariables name=3Dconvertchars][redirect /][/formvaria= bles][!]
[/!][formvariables name=3Dconvertwords][redirect /][/for= mvariables][!]
[/!][formvariables name=3Dcopyfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dcopyfolder][redirect /][/formvariables][!]=
[/!][formvariables name=3Dcountchars][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dcountwords][redirect /][/formvariables][!]
[/!][formvariables name=3Dcreatefolder][redirect /][/formvariables= ][!]
[/!][formvariables name=3Ddate][redirect /][/formvariables][= !]
[/!][formvariables name=3Dddeconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dddesend][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Ddecrypt][redirect /][/formvariables][!]=
[/!][formvariables name=3Ddelete][redirect /][/formvariables][!]
=
[/!][formvariables name=3Ddeletefile][redirect /][/formvariables][!]
[/!][formvariables name=3Ddeletefolder][redirect /][/formvariables= ][!]
[/!][formvariables name=3Ddos][redirect /][/formvariables][!]
[/!][formvariables name=3Delapsedtime][redirect /][/formvariables][!]
[/!][formvariables name=3Delse][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dencrypt][redirect /][/formvariables][!]
[/!][formvariables name=3Dexclusivelock][redirect /][/formvariables][!]
[/!][formvariables name=3Dfilecompare][redirect /][/formvariables][= !]
[/!][formvariables name=3Dfileinfo][redirect /][/formvariables][!]
[/!][formvariables name=3Dfindstring][redirect /][/formvariables][!]=
[/!][formvariables name=3Dflushcache][redirect /][/formvariables= ][!]
[/!][formvariables name=3Dflushdatabases][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformat][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformat][redirect /][/formvariables][= !]
[/!][formvariables name=3Dformvariables][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dfounditems][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dfreememory][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dfunction][redirect /][/formvariables][!]
[/!][formvariables name=3Dgetchars][redirect /][/formvariables][!]
[/!][formvariables name=3Dgetcookie][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dgetmimeheader][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dgrep][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dhideif][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dhtml1][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dhtml2][redirect /][/formvariables][!]
[/!][formvariables name=3Dhtml3][redirect /][/formvariables][!]
[/!][formvariables name=3Dhttpmethod][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dif][redirect /][/formvariables][!]
= [/!][formvariables name=3Dinclude][redirect /][/formvariables][!]
[/!][formvariables name=3Dinput][redirect /][/formvariables][!]
[/!][formvariables name=3Dinterpret][redirect /][/formvariables][!]
[/!][formvariables name=3Dipaddress][redirect /][/formvariables][!]=
[/!][formvariables name=3Dissecureclient][redirect /][/formvaria= bles][!]
[/!][formvariables name=3Dlastautonumner][redirect /][/formvariables][= !]
[/!][formvariables name=3Dlastrandom][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dlineitems][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dlistchars][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistcookies][redirect /][/formvariables][= !]
[/!][formvariables name=3Dlistdatabases][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dlistfields][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistfiles][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dlistmimeheaders][redirect /][/formvar= iables][!]
[/!][formvariables name=3Dlistpath][redirect /][/formvariables][!]
[/!][formvariables name=3Dlistvariables][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dlistwords][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dlookup][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dlookup][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dloop][redirect /][/formvariables][!]
[/!][formvariables name=3Dlowercase][redirect /][/formvariables][!]
[/!][formvariables name=3Dmath][redirect /][/formvariables][!]
[/!][formvariables name=3Dmiddle][redirect /][/formvariables][!]
[/!][formvariables name=3Dmovefile][redirect /][/formvariables][!]
[/!][formvariables name=3Dobject][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dorderfile][redirect /][/formvariables][!]
[/!][formvariables name=3Dpassword][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dplatform][redirect /][/formvariables][!]
[/!][formvariables name=3Dproduct][redirect /][/formvariables][!]
[/!][formvariables name=3Dprotect][redirect /][/formvariables][!]
[/!][formvariables name=3Dpurchase][redirect /][/formvariables][!]
[/!][formvariables name=3Drandom][redirect /][/formvariables][!]
[/!][formvariables name=3Draw][redirect /][/formvariables][!]
<= div> [/!][formvariables name=3Dredirect][redirect /][/formvariables][!]
[/!][formvariables name=3Dreferrer][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dremovehtml][redirect /][/formvariables][!]
[/!][formvariables name=3Dremovelineitem][redirect /][/formvariables][= !]
[/!][formvariables name=3Dreplace][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dreplacefounditems][redirect /][/for= mvariables][!]
[/!][formvariables name=3Dreturn][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dreturnraw][redirect /][/formvariables][!]
[/!][formvariables name=3Dscope][redirect /][/formvariables][!]
[/!][formvariables name=3Dsearch][redirect /][/formvariables][!]
=
[/!][formvariables name=3Dsendmail][redirect /][/formvariables][!]
[/!][formvariables name=3Dsetcookie][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dsetheader][redirect /][/formvariables][!]
[/!][formvariables name=3Dsetlineitem][redirect /][/formvariables][= !]
[/!][formvariables name=3Dsetmimeheader][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dshell][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dshowif][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dshownext][redirect /][/formvariables][!]
[/!][formvariables name=3Dspawn][redirect /][/formvariables][!]
[= /!][formvariables name=3Dsql][redirect /][/formvariables][!]
[/!]= [formvariables name=3Dsql][redirect /][/formvariables][!]
[/!][fo= rmvariables name=3Dsqlconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dsqldisconnect][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dsqlexecute][redirect /][/formvariable= s][!]
[/!][formvariables name=3Dsqlinfo][redirect /][/formvariabl= es][!]
[/!][formvariables name=3Dsqlrelease][redirect /][/formvariables][!]
[/!][formvariables name=3Dsqlresult][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dswitch][redirect /][/formvariables][!= ]
[/!][formvariables name=3Dtable][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dtcpconnect][redirect /][/formvariables][!]
[/!][formvariables name=3Dtcpsend][redirect /][/formvariables][!]
[/!][formvariables name=3Dtext][redirect /][/formvariables][!]
[/!][formvariables name=3Dthen][redirect /][/formvariables][!]
[/!][formvariables name=3Dthisurl][redirect /][/formvariables][!]
[/!][formvariables name=3Dtime][redirect /][/formvariables][!]
[/= !][formvariables name=3Dunurl][redirect /][/formvariables][!]
[/!= ][formvariables name=3Duppercase][redirect /][/formvariables][!]
= [/!][formvariables name=3Durl][redirect /][/formvariables][!]
[/!][formvariables name=3Dusername][redirect /][/formvariables][!]
[/!][formvariables name=3Dvalidcard][redirect /][/formvariables][!]<= /div>
[/!][formvariables name=3Dversion][redirect /][/formvariables][!]=
[/!][formvariables name=3Dversion][redirect /][/formvariables][!]
[/!][formvariables name=3Dwaitforfile][redirect /][/formvariables][!]=
[/!][formvariables name=3Dwritefile][redirect /][/formvariables]= [!]
[/!][formvariables name=3Dxmlnode][redirect /][/formvariables][!]
[/!][formvariables name=3Dxmlnodes][redirect /][/formvariables][!]
[/!][formvariables name=3Dxmlnodesattributes][redirect /][/formvari= ables][!]
[/!][formvariables name=3Dxmlparse][redirect /][/formvariables][!]
[/!][formvariables name=3Dxsl][redirect /][/formvariables][!]
<= div>[/!][formvariables name=3Dxslt][redirect /][/formvariables][!]
[/!][!]--- END: to plug up the security hole of when URL hacker passes a we= bdna context name as a formvar---[/!]

--------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: archives: http://mail.webdna.us/list/talk@webdna.us Bug Reporting: suppo= rt@webdna.us

--bcaec5015f2b4aaf0004a9216912-- Daniel Meola

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Help! WebCat2 bug (Ben's input) (1997) F3 crashing server (1997) WC2b15 File Corruption (1997) WebDNA performance comparisons? (2004) Auto Archives, Gift Certs, and More.. (2003) Re:no template caching (1997) Sorting Numbers (1997) [WebDNA] MD5 Hash issue (2009) Big Databases (1997) Text variables do not show (1999) WebCat b15 Mac plug-in (1997) Fun with Dates - revisited (1997) page redirect in webDNA (1997) Chown www:wheel Almost There WebCat 5 on itools 7 (2003) Digest Version (2000) Emailer on NT CAN'T handle large email files (1997) TCP/IP connect (1998) [OT] (waaaay OT) my photo (2004) Frames and WebCat (1997) BUG in [showif] using ^ (contains) (1997)