From: Steve W. <sw...@wc...> - 2000-06-03 21:46:15
|
Yes, the list can be configured so hitting "reply" sends to the list instead of the author, but the Sourceforge documentation strongly recommends against this (they don't say why though). I'm used to this with other lists I'm on so I assumed it was for a good reason. Wikic and the Tcl'ers Wiki both use the [] linking scheme. I wonder if they are vulnerable too? sw On Sat, 3 Jun 2000, Arno Hollosi wrote: > > Hi there, > > the new name linking scheme is vulnerable to attack. > The exploit goes something like this: > > external links: > [external | javascript:alert('you are hacked')] > > internal links: > [internal: <script language=javascript>alert('bad stuff happens');</script>] > > The javascript is executed both times. > This opens the doors to Javascript exploits never ending. > (Actually internal links allow to include arbitrary HTML) > > While I favour the approach to limit the charset allowed within '[]', > I guess we can get by with the following fix: > left of '|': encode text with htmlspecialchars() > (same goes for names in RecentChanges) > right of '|': forbid links starting with 'script' or 'java' > > I will look further into the issue and tell you with > what I can come up. > > While poking around I discovered that the $magic_quotes_gpc=1 bug > seems to be back (this time for page names) - not sure if this is > also true when using mySQL. > > > /Arno > > P.S: be careful when replying to the list. > Apparently the "Reply-To:" header is not set, so a simple > reply just goes to the author and not to the list. > > Steve, can this be changed in the list settings? > > _______________________________________________ > Phpwiki-talk mailing list > Php...@li... > http://lists.sourceforge.net/mailman/listinfo/phpwiki-talk > ...............................ooo0000ooo................................. Hear FM quality freeform radio through the Internet: http://wcsb.org/ home page: www.wcsb.org/~swain |