Re: Agoracgi v3.3e Cross Site Scripting Vulnerability

From: Steve Kneizys (skneizysat_private)
Date: Thu Jan 24 2002 - 22:38:28 PST

In-Reply-To: <068b01c1874a$7b1296b0$cb9c2bd5@ts>

Sites desiring to eliminate the issue in diagnostic mode as well as remove all < and >
characters from all user input can install the library below.

Steve...
--

# Special Security add-on library for agora versions 3.2b to 4.0d
#
# Puts the store in 'paranoia' mode, all < and > chars are converted
# to # chars if they are found in the input stream.
#
# May fix unknown and undiscovered problems, eliminates problems in
# diagnostic mode in 4.0x.
#
# Install in store/custom directory, set permissions to 555
#
# Not required if running ashim40update.pl version 1/24/02 or later
#
# SPK Jan 24, 2002
$versions{'security_01242002'} = '01242002';
&add_codehook("alias_and_override_top","special_security_f1_01242002");
sub special_security_f1_01242002 {
  $form_data{'cart_id'} =~ s/</&lt;/g;
  $form_data{'cart_id'} =~ s/>/&gt;/g;
  for $inx (keys %form_data) {
    $form_data{$inx} =~ s/</#/g;
    $form_data{$inx} =~ s/>/#/g;
  }
}
&add_codehook("alias_and_override_end","special_security_f2_01242002");
sub special_security_f2_01242002 {
  if (!($form_data{'cart_id'} =~ /^([\w\-\=\+\/]+)\.(\w+)/)) {
    $form_data{'cart_id'} = '';
  }
}
#
1; # Library

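As an added illustration (not part of Steve's library or of Agora itself), a stand-alone Perl script that replays the logic of the two hooks on a constructed %form_data hash, including a cart_id where the check's regex only anchors at the start and so matches a prefix; the hook bodies are copied into plain subs so no &add_codehook registration is needed:

```perl
#!/usr/bin/perl
# Added example: exercises the two hook bodies from the posted library
# against constructed input. %form_data stands in for the hash Agora
# fills from the CGI request; this script is not Agora code.
use strict;
use warnings;

our %form_data;

# Same logic as special_security_f1_01242002: cart_id gets entity
# encoded first, then every field has < and > turned into #.
sub paranoia_filter {
    $form_data{'cart_id'} =~ s/</&lt;/g;
    $form_data{'cart_id'} =~ s/>/&gt;/g;
    for my $inx (keys %form_data) {
        $form_data{$inx} =~ s/</#/g;
        $form_data{$inx} =~ s/>/#/g;
    }
}

# Same logic as special_security_f2_01242002: cart_id must begin with
# "token.word" or it is discarded. Note the pattern has no trailing $.
sub cart_id_check {
    if ($form_data{'cart_id'} !~ /^([\w\-\=\+\/]+)\.(\w+)/) {
        $form_data{'cart_id'} = '';
    }
}

# Constructed sample requests (not real traffic).
my @cases = (
    { cart_id => 'abc123.cart',      name => 'Steve',    note => '1 < 2' },
    { cart_id => 'abc123.cart',      name => '<b>x</b>', note => 'ok' },
    { cart_id => '<script>.cart',    name => 'x',        note => 'ok' },
    { cart_id => 'abc123.cart<img>', name => 'x',        note => 'ok' },
);

for my $case (@cases) {
    %form_data = %$case;
    paranoia_filter();
    cart_id_check();
    printf "%-8s => %s\n", $_, $form_data{$_} for sort keys %form_data;
    print "--\n";
}
```

Running it shows the trade-off in the "paranoia" approach: the legitimate "1 < 2" becomes "1 # 2", a cart_id starting with markup is emptied by the allowlist, while "abc123.cart<img>" survives the prefix-only regex and is kept as "abc123.cart&lt;img&gt;", which is why the entity-encoding step on cart_id matters.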



    This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 12:13:40 PST