From: Robert F. <ro...@27...> - 2001-03-15 21:23:30
Hi Todd,

I just got evil on the sfwiki trying to break it, and it looks like I did. :(

<quote url="http://sfwiki.sourceforge.net/edit.php?topic=+%3C%2Ftd%3E+%3C%2Ftd%3E+%3C%2Ftd%3E+%25%3E%3C%3C%3F%3F%25&web=Main">
Thiss sfWiki's database has returned an error, "Got error 'repetition-operator operand invalid' from regexp (1139)", and mail has been sent to the administrator.

Warning: Cannot add header information - headers already sent by (output started at /home/groups/sfwiki/sfWiki/portal/htdocs/wiki/query_failed.ihtml:3) in /home/groups/sfwiki/sfWiki/htdocs/edit.php on line 41
</quote>

It looks like we need to limit the characters that can be in a wikiname and any user input; limiting it to "a-zA-Z -_." would be a good start. I'm sure that with the right type of quoting someone could get the database to do something bad.

It's also possible to break a page by writing special characters "?%><", so maybe we should quote anything that's not safe or a correct HTML tag?

Robert Fitzsimons
ro...@27...

On Mon, Mar 12, 2001 at 12:56:44AM -0500, Todd L. Miller wrote:
> I think there are only two things left to do before 'releasing'
> (official opening wiki.jos.org) this version of sfWiki. First, some
> high-speed editing protection needs to be added. Second, when the
> wiki.jos.org site is updated, I need to add logic to put the user stuff on
> the menu, change colors when the user is logged in (or out, whatever :)),
> and indicate who the user is logged in as.
>
> AFAIK, that is the entire list. I just requested a beat-down, so
> now's your chance to execute your nit-picking skills.
>
> -jQuinn
>
>
> _______________________________________________
> sfWiki-devel mailing list
> sfW...@li...
> http://lists.sourceforge.net/lists/listinfo/sfwiki-devel
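The following is an added illustration, not sfWiki code (sfWiki is PHP; this is Python, and the function names are my own). It applies the allow-list Robert proposes ("a-zA-Z -_.") to the exact topic parameter from the URL above, and pairs it with the two escaping steps a practitioner would want alongside such a check: escaping regex metacharacters if a name ever has to be used as a REGEXP operand, and HTML-escaping on output so characters like "?%><" render as text rather than markup. One caveat: Python's regex engine accepts the decoded "<??" as a lazy optional quantifier, so this does not reproduce MySQL's "repetition-operator operand invalid" error itself; it demonstrates the defence, not the failure.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Allow-list from the message: letters, space, hyphen, underscore, dot.
# Digits are deliberately absent because the suggestion omitted them;
# a real deployment would almost certainly add 0-9.
WIKINAME_RE = re.compile(r"[A-Za-z \-_.]+")

# The URL quoted in the message (not a constructed value).
REPORTED_URL = (
    "http://sfwiki.sourceforge.net/edit.php?topic="
    "+%3C%2Ftd%3E+%3C%2Ftd%3E+%3C%2Ftd%3E+%25%3E%3C%3C%3F%3F%25&web=Main"
)


def topic_from_url(url: str) -> str:
    """Decode the ?topic= query parameter the way a CGI/PHP front end would
    ('+' becomes a space, %XX sequences are decoded)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("topic", [""])[0]


def is_valid_wikiname(name: str) -> bool:
    """Accept only names made entirely of allow-listed characters.

    This is the check to run before the value reaches SQL, a REGEXP, or
    the page template. fullmatch() anchors both ends, so a single stray
    character anywhere in the string rejects it."""
    return bool(name) and WIKINAME_RE.fullmatch(name) is not None


def regexp_operand(name: str) -> str:
    """Escape regex metacharacters so a user-supplied string used as a
    pattern matches itself literally instead of being parsed as syntax
    (this is what stops '?' / '*' / '+' from acting as operators)."""
    return re.escape(name)


def literal_match(name: str) -> bool:
    """True if the escaped pattern matches exactly the original string."""
    return re.fullmatch(regexp_operand(name), name) is not None


def render_safe(text: str) -> str:
    """HTML-escape on output so '<', '>', '&' and quotes appear as text."""
    return html.escape(text, quote=True)


def check_reported_request() -> dict:
    """Run every step against the topic from the reported URL."""
    topic = topic_from_url(REPORTED_URL)
    rendered = render_safe(topic)
    return {
        "decoded": topic,
        "accepted": is_valid_wikiname(topic),
        "literal_match": literal_match(topic),
        "rendered": rendered,
        "markup_survives": "<" in rendered or ">" in rendered,
    }


if __name__ == "__main__":
    for key, value in check_reported_request().items():
        print(f"{key}: {value!r}")
```

Rejecting the name at the allow-list step is the primary fix; the two escape helpers are defence in depth for any path where raw input still has to be interpolated. Note that the check alone does nothing for the second symptom in the message (the "headers already sent" warning), which comes from the error template emitting output before edit.php sets its headers and is a separate ordering bug.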