As mentioned earlier, I was so encouraged by being able to fix the slashes problem, I decided to tackle the < problem. Though it involved changes all over the code, and lots of places to check for security issues, it seems to have turned out quite well. The code now feels a good bit simpler, and we have the impressive boast that BoltWire shows virtually the same thing in the edit box, source file, and html output. Very cool.
This is a fairly big release in that it required me to tweak, polish, and check lots of code all over the system (meaning there may be bugs somewhere). And second, that it will require you to replace < with < in all your field pages. I've written a fix script that should do this automatically. Just drop it in your field right next to index.php and call the file in your browser and follow its instructions (refresh the page till it says you are done). And make sure there is not a fix.list page already in the folder from the last time. Note, you will have to do this for every field...

* Removed debugging line in mail function. Sorry about that!
* Cleaned up slash handling in a few places.
* Patched some problems with the fontstyles function, and tightened a security issue.
* Slight improvements to preview function involving code markup and forms.
* Slight reworking of buttons to get names and values to work more intuitively.
* Changed script to not encode the < symbol. The big one. See above. :)

http://www.fast.st/files/boltwire3.3.9.zip
http://www.fast.st/files/fix3.3.9.zip

Cheers,
Dan

P.S. Please tinker with this on a non-critical installation as the fix script is a one way converter. :) And help me test for security vulnerabilities by seeing if you can get <script>alert('hi');</script> to trigger somehow on a page. I've tried info, data, escapes, include source with & without escapes, etc. But there's almost an inevitability I overlooked something...
