On Fri, 2006-03-17 at 19:58 -0500, Gonzalo Paniagua Javier wrote:
On Fri, 2006-03-10 at 09:53 -0500, Chris Toshok wrote:
I just read in the Shackow's asp.net 2.0 security book about this,
actually. He says that the three sequences that result in rejecting a
string are:
1. a
On Mon, 2006-03-20 at 15:41 -0500, Chris Toshok wrote:
I added the unicode character for '', but didn't put checks in for
either '' or its corresponding unicode. Are those really an issue?
No, they are not. The blocking seems to be enough.
-Gonzalo
On Fri, 2006-03-10 at 09:53 -0500, Chris Toshok wrote:
I just read in the Shackow's asp.net 2.0 security book about this,
actually. He says that the three sequences that result in rejecting a
string are:
1. a followed by a !
2. a followed by the letters a-z (upper or lowercase)
-list@lists.ximian.com
Subject: RE: [Mono-dev] [PATCH] MS/Mono incompatibility in
System.Web.HttpRequest
You're right, that seems to work just as well. The updated patch file
is attached.
-Original Message-
From: Eyal Alaluf [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 16
;
}
-Original Message-
From: Edward C. Eisenbrey
Sent: Thursday, February 16, 2006 9:13 AM
To: 'Eyal Alaluf'
Cc: mono-devel-list@lists.ximian.com
Subject: RE: [Mono-dev] [PATCH] MS/Mono incompatibility in
System.Web.HttpRequest
You're right, that seems to work just as well. The updated patch
Hello,
Can someone please approve and commit this patch?
Rewrite without using Regexp, which is a lot slower than the current
code.
Miguel
Original issue:
The input validation that occurs in the CheckString method in
/mcs/class/System.Web/System.Web/HttpRequest.cs is far more strict
than
: [Mono-dev] [PATCH] MS/Mono incompatibility in
System.Web.HttpRequest
Hi, Edward.
Is it not enough to use: [a-zA-Z\\!] as the RegEx instead of
[a-zA-Z\\!]+?
It works much faster (since RegEx tries always for the biggest match
possible) and it
does exactly the same thing.
Doing the check
-0500
From: Edward C. Eisenbrey [EMAIL PROTECTED]
To: mono-devel-list@lists.ximian.com
Subject: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest
Attached is the patch including all the changes mentioned.
-Original Message-
From: Joshua Kugler [mailto:[EMAIL PROTECTED
wrote:
Date: Wed, 15 Feb 2006 13:44:50 -0500
From: Edward C. Eisenbrey [EMAIL PROTECTED]
To: mono-devel-list@lists.ximian.com
Subject: [Mono-dev] [PATCH] MS/Mono incompatibility in
System.Web.HttpRequest
Attached is the patch including all the changes mentioned.
-Original Message
Attached is the patch including all the changes mentioned.
-Original Message-
From: Joshua Kugler [mailto:[EMAIL PROTECTED]
Sent: Monday, February 13, 2006 5:12 PM
To: mono-devel-list@lists.ximian.com
Subject: Re: [Mono-dev] MS/Mono incompatibility in
System.Web.HttpRequest
On Monday
10 matches
Mail list logo