[REBOL] Re: [bug?] Problem with 'load

From: nitsch-lists:netcologne at: 28-Nov-2003 23:51

On Friday, 28 November 2003 19:50, [SunandaDH--aol--com] wrote:
> Thanks to everyone who contributed responses.
>
> I've now updated REBOL.org to use Romano's load-header script rather than a
> direct load/all/header in all the places (lots!) we load a header to get
> values about a script.
>
> This was a potentially damaging integrity exposure (my old-timer IBMese for
> hackable security flaw) in the Library.....
>

If we use /core 2.5.6, then not. This is oold /view 1.2.1:

    >> load "rebol[print {hehe}]"
    hehe
    == [ ]

and this core 2.5.6:

    >> load "rebol[print {hehe}]"
    == [ ]

IIRC it's mentioned somewhere in the /core change-log.

> .....Anyone could have inserted active code in a header and contributed it
> as a script. That code would have been executed on the server when we did
> the load/header. The result could have been nasty.
>
> This remains a potential danger for any REBOL-based CGI site that loads
> headers of contributed code in the old manner.....If you have such a site,
> please check your code and see if you need to replace load/header with
> Romano's script.
>
> I'm impressed (as usual) with the usefulness of this ML and the helpfulness
> of the people on it. Less than 24 hours from reporting a problem to having
> a fix available. Outstanding, everyone!!
>
> Thanks everyone again!
> Sunanda.

-Volker