Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context

This WebDNA talk-list message is from

2011


It keeps the original formatting.
numero = 107120
interpreted = N
texte = Govinda wrote: [snip] > [!]--- START: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!][snip] Hi Govinda, that looks like a good solution. Since passing the "!" was causing a hang (though at least it isn't parsing anymore), I tried some other things and came up with something that still doesn't work for the "!", but is a bit shorter and perhaps slightly less CPU costly. ** note: the t_commands var should all be one line ** ------------------------------------ [formvariables name=text][redirect url=index.html][/formvariables] [text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumner|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|retu rn|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text] [formvariables] [showif [t_commands]^|[url][name][/url]|] [redirect url=index.html] [/showif] [/formvariables] ------------------------------------ If anyone comes up with a solution for "!" I'd be interested. -- Donovan Brooke Euca Design Center [Practical-Ethical-Efficient] www.euca.us egg.bz artglass-forum.com Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  2. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  3. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  4. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  5. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  6. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  7. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  8. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  9. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  10. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context (Donovan Brooke 2011)
  11. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  12. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Govinda 2011)
  13. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  14. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  15. Re: [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (Kenneth Grome 2011)
  16. [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: (Daniel Meola 2011)
Govinda wrote: [snip] > [!]--- START: to plug up the security hole of when URL hacker passes a > webdna context name as a formvar---[/!][snip] Hi Govinda, that looks like a good solution. Since passing the "!" was causing a hang (though at least it isn't parsing anymore), I tried some other things and came up with something that still doesn't work for the "!", but is a bit shorter and perhaps slightly less CPU costly. ** note: the t_commands var should all be one line ** ------------------------------------ [formvariables name=text][redirect url=index.html][/formvariables] [text]t_commands=|[url]![/url]|addfields|addlineitem|append|appendfile|applescript|arrayget|arrayset|authenticate|boldwords|browsername|calcfilecrc32|capitalize|cart|case|clearlineitems|closedatabase|command|commitdatabase|convertchars|convertwords|copyfile|copyfolder|countchars|countwords|createfolder|date|ddeconnect|ddesend|decrypt|delete|deletefile|deletefolder|dos|elapsedtime|else|encrypt|exclusivelock|filecompare|fileinfo|findstring|flushcache|flushdatabases|format|format|formvariables|founditems|freememory|function|getchars|getcookie|getmimeheader|grep|hideif|html1|html2|html3|httpmethod|if|include|input|interpret|ipaddress|issecureclient|lastautonumner|lastrandom|lineitems|listchars|listcookies|listdatabases|listfields|listfiles|listmimeheaders|listpath|listvariables|listwords|lookup|lookup|loop|lowercase|math|middle|movefile|object|orderfile|password|platform|product|protect|purchase|random|raw|redirect|referrer|removehtml|removelineitem|replace|replacefounditems|retu rn|returnraw|scope|search|sendmail|setcookie|setheader|setlineitem|setmimeheader|shell|showif|shownext|spawn|sql|sql|sqlconnect|sqldisconnect|sqlexecute|sqlinfo|sqlrelease|sqlresult|switch|table|tcpconnect|tcpsend|then|thisurl|time|unurl|uppercase|url|username|validcard|version|waitforfile|writefile|xmlnode|xmlnodes|xmlnodesattributes|xmlparse|xsl|xslt|[/text] [formvariables] [showif [t_commands]^|[url][name][/url]|] [redirect url=index.html] [/showif] [/formvariables] ------------------------------------ If anyone comes up with a solution for "!" I'd be interested. -- Donovan Brooke Euca Design Center [Practical-Ethical-Efficient] www.euca.us egg.bz artglass-forum.com Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] Problem with [purchase] (2009) off topic - dna snipets (1997) Million product store (2003) WebCat2 - Getting to the browser's username/password data (1997) Orders coming up blank (2004) Missing custom convert.db (1998) RE: Can't get appendfile to work (1997) Forumulas.db & Variables (2002) [WebDNA] Search not sorting (2017) Summing fields (1997) [WebDNA] backup / mirror website & databases (2018) Nested tags count question (1997) many-to-one problem (1998) WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) Read and Write (2001) Solution help needed (1998) date (1999) Creating folders and deleting files (1997) PCS Emailer's role ? (1997) Possible Bug in 2.0b15.acgi (1997)