As I've found out my case wasn't crashing in r27 but was in r22, but here is the line from my Apache log of the request that would crash 4D. As of this morning we're running r22 in production.
204.121.3.6 - - [25/Apr/2011:21:51:09 -0600] "POST /login/auth/login.a4d?from=/..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd HTTP/1.1" 502 2966 In the form processor the content of the from parameter was being base decoded and this odd case would cause a crash. Since it is a _query parameter I recall that A4D was converting each of the '..%c0%af..' to something like '..?..'. What was weird was that the converted _query parameter didn't appear to have any of the offending base64 decode crashing characters you noted in a previous response unless there is an invisible in the automatic conversion. My problem was that I assume 'from' would have a base64 encoded value. I'm defending against that now. Probably not much help, but that is one example. Thanks, Brad On 4/28/11 8:39 AM, Aparajita Fishman wrote: >> Maybe you've already fixed it? > I have a fix ready, but I would like some test data to work with. Anyone out > there who has some base64 encoded data (including files), please send it to > me privately. > > Many thanks, > > Aparajita > www.aparajitaworld.com > > "If you dare to fail, you are bound to succeed." > - Sri Chinmoy | www.srichinmoy.org > > _______________________________________________ > Active4D-dev mailing list > [email protected] > http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev > Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/ > _______________________________________________ Active4D-dev mailing list [email protected] http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
