manilamacros.includemessage
A certain way to crash a Manila server is to call the includemessage macro with the message number of the current page. Because included pages can themselves contain includemessage calls, the chain of included messages can be recursive. The patch keeps track of which message numbers have been included by the current chain of includemessage calls and disallows repetition.
This was reported to Userland, in the approved manner of email to security@userland.com on 2nd April 2002, but no action resulted and no acknowledgement was ever made. I have therefore released the problem description and my work-around patch.
A variant of this patch was released by Userland without fanfare on April 21st. This patch is withdrawn.
on includeMessage (msgNum, flEditButton=true, flDgLink=true, flProcessMacros=false, flExternalEditorButton=false)
	«Add a dg message as a component of a page. Pass it the msgNum of the dg message to include. If you're the managing editor, you get an Edit button, if flEditButton is true. If you have dg access, you get a dg link, if flDgLink is true. If flProcessMacros is true, the macros and shortcuts in the included message are expanded.
	local (pta = html.getPageTableAddress ())
	bundle //JES 4/21/02: macro error if the message recursively includes itself
	local (adrMsgTable = mainResponder.discuss.getMessageTable (msgNum))
	if msgNum == 2 //4/16/03; 4:20:51 PM by JES -- ugly hack for including the about message
	«local (text = string (adrMsgTable^.body))
	if defined (adrMsgTable^.newsItem)
	if flProcessMacros //PBS 10/26/00: optionally process macros
	add (text) //add the actual text of the item
	if flDgLink //add cowskull image
	local (flMemberCanEdit = false)
	if flExternalEditorButton
Relative to Frontier version 9.7b10
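The chain-tracking guard described at the top of this page, as an added Python example. It is not the withdrawn patch or Userland's code. The `{includeMessage(N)}` syntax, the sample messages and all function names are assumptions made for illustration. The chain is tracked per branch, so a message may appear twice on one page as long as it never includes itself, directly or through another message.

```python
import re

# Constructed sample messages (not from the page): number -> body text.
# "{includeMessage(N)}" is an assumed stand-in for the macro call syntax.
MESSAGES = {
    1: "Home. {includeMessage(2)} {includeMessage(2)}",  # same message twice, no cycle
    2: "About.",
    3: "Self: {includeMessage(3)}",                      # direct self-include
    4: "A -> {includeMessage(5)}",                       # mutual include: 4 -> 5 -> 4
    5: "B -> {includeMessage(4)}",
}

MACRO = re.compile(r"\{includeMessage\((\d+)\)\}")


class RecursiveIncludeError(Exception):
    """Raised when a message is included again within its own include chain."""


def include_message(msg_num, messages, chain=()):
    """Expand includes in msg_num; chain holds the message numbers still open."""
    if msg_num in chain:
        path = " -> ".join(str(n) for n in chain + (msg_num,))
        raise RecursiveIncludeError(f"recursive include: {path}")
    if msg_num not in messages:
        return f"[no such message {msg_num}]"
    # Extend the chain for this branch only, so sibling includes may repeat
    # a message without being mistaken for recursion.
    branch = chain + (msg_num,)
    return MACRO.sub(
        lambda m: include_message(int(m.group(1)), messages, branch),
        messages[msg_num],
    )


def render(msg_num, messages):
    """Render a page; a recursive include becomes an inline macro error."""
    try:
        return include_message(msg_num, messages)
    except RecursiveIncludeError as err:
        return f"[Macro error: {err}]"


if __name__ == "__main__":
    for n in sorted(MESSAGES):
        print(n, render(n, MESSAGES))
```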