On Wed, Dec 13, 2006 at 07:40:09PM +0100, NoWhereMan wrote:
> Youness Alaoui wrote:
> > Hi,
> > no need to strip that out of the nickname, as it's url encoded, and
> > no need for the messages sent as it's a
> > utf-8 message which can contain any binary...
>
> well actually that's disallowed by the standard, regardless the encoding;
> btw, I've just tried and it seems like message was delivered (probably
> ms-xml parser is designed to allow these codes and they're prevented in PSM
> to avoid exploits. Or... we've just found a security hole)
>

what I mean is that messages are NOT in xml, there's just plain utf-8 messages, look at protocol log.. and they allow ANY binary code to be pasted there (we've been copy/pasting so many binary msnp2p data without problems over the SB)

> > about the config being in xml, it's true, but I don't think anything
> > gets saved there that the user enters,
> > apart from the psm and paths and custom states... and yep, custom
> > states would have such bugs...
>
> so, a pair of places where the stripper should go for sure :P
>

The stripper should go where? have you no shame? watch your mouth, we have a young, innocent(lol) girl amongst the team... :p

> bye
>
> _______________________________________________
> Amsn-devel mailing list
> Amsn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amsn-devel