fix.list is created but remains empty. On Mar 7, 3:25 pm, Markus <[email protected]> wrote: > Both links are broken. Try these: > > http://www.boltwire.com/files/boltwire3.3.9.ziphttp://www.boltwire.com/files/fix3.3.9.php > > Great. 3.3.9 fixes " becoming \". > > Sunny wishes, > Markus > > On Mar 7, 2:28 pm, The Editor <[email protected]> wrote: > > > > > As mentioned earlier, I was so encouraged by being able to fix the > > slashes problem, I decided to tackle the < problem. Though it involved > > changes all over the code, and lot's of places to check for security > > issues, it seems to have turned out quite well. The code now feels a > > good bit simpler, and we have the impressive boast that BoltWire shows > > virtually the same thing in the edit box, source file, and html > > output. Very cool. > > > This is a fairly big release in that it required me to tweak, polish, > > and check lot's of code all over the system (meaning there may be bugs > > somewhere). And second, that it will require you to replace < with > > < in all your field pages. I've written a fix script that should do > > this automatically. Just drop it in your field right next to index.php > > and call the file in your browser and follow it's instructions > > (refresh the page till it says you are done). And make sure there is > > not a fix.list page already in the folder from the last time. Note, > > you will have to do this for every field... > > > * Removed debugging line in mail function. Sorry about that! > > * Cleaned up slash handling in a few places. > > * Patched some problems with the fontstyles function, and tightened a > > security issue. > > * Slight improvements to preview function involving code markup and forms. > > * Slight reworking of buttons to get names and values to work more > > intuitively. > > * Changed script to not encode the < symbol. The big one. See above. :) > > >http://www.fast.st/files/boltwire3.3.9.ziphttp://www.fast.st/files/fi... > > > Cheers, > > Dan > > > P.S. Please tinker with this on a non-critical installation as the fix > > script is a one way converter. :) And help me test for security > > vulnerabilities by seeing if you can get <script>alert('hi');</script> > > to trigger somehow on a page. I've tried info, data, escapes, include > > source with & without escapes, etc. But there's almost an > > inevitability I overlooked something...
-- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
