Bug in statuswml.cgi with Acknowledging Services
Thomas Guyot-Sionnest
dermoth at aei.ca
Wed Aug 20 00:39:52 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19/08/08 03:20 PM, Jon Angliss wrote:
> On Thu, 14 Aug 2008 13:42:55 -0500, Jon Angliss <jon at netdork.net>
> wrote:
>
>> On Wed, 13 Aug 2008 11:27:12 +0200, Armin Wolfermann <aw at osn.de>
>> wrote:
>>
>>> * Jon Angliss <jon at netdork.net> [12.08.2008 23:52]:
>>>> I read the thread, and it looks like the variables are being double
>>>> encoded, which is fine, but the issue here is that a variable being
>>>> fed into url_encode is coming out as a different variable.
>>> Ok, now I see the problem. url_encode() uses a static buffer and calling
>>> it twice in a row overwrites the first result. Half of a fix for this
>>> problem was committed in May introducing a second buffer but the code is
>>> only using the first.
>> I figured it had something to do with that, but my C skills are rather
>> rusty.
>>
>>> I attached a patch against current CVS using dynamic buffers like
>>> html_encode() does. Lightly tested but works for me.
>> Seems to work quite nicely against CVS HEAD from last night.
>
> Partially mistaken here. It seems the application doesn't handle the
> encoded strings very well. I have a space char in the description of
> a service, and it's being posted as "Disk+D", and it throws the same
> unauthorized message. Otherwise it at least posts the service name
> now.
Disk+D is correct - the cgi should interpret it as a space.
- --
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIq0u36dZ+Kt5BchYRAqcnAKCuzyLnKBHVVaLOpJPvpxRLWCygmQCeJOIp
noCupVmnIUQDIMuhZWWYi1o=
=qyoQ
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list