Hopbot log for 2008-09-03 - Helma IRC channel: #helma on irc.freenode.net
2008-09-03:
[13:54] <Guest50466> Hello - long time Helma user here, have a question about the database in 0.xml, 1.xml, helma.xsl[13:55] <Guest50466> In app/Root I have multiple .js files defining functions that get called from my main_action()
[13:56] <Guest50466> a request comes in at /webapp?q=home and I translate that to eval( "this.do_" + q + "(params)" )
[13:56] <Guest50466> But once in a while, the function "this.do_x" gets persisted in 0.xml
[13:57] <Guest50466> And I'm not sure why
[13:57] <Guest50466> So the next time a request comes in, this.do_x is read from the DB as a number, rather than getting evaluated as a function
[13:58] <Guest50466> Thanks for any pointers on where to look
[14:00] <Guest50466> http://helma.pastebin.com/d471d5b0a
[14:00] <zumbrunn_> something like /webapp?q=home=5 would do that, no?
[14:01] <Guest50466> Ah!
[14:01] <Guest50466> You're saying I'm ripe for injection problems...
[14:02] <zumbrunn_> yep
[14:02] <zumbrunn_> what you are doing seems pretty dangerous anyway
[14:02] <Guest50466> But under what circumstances would be the values be persisted?
[14:28] <zumbrunn_> in your example, /webapp?q=home=5;anythingEvil might result in eval( "this.do_home=5;anythingEvil(params)" )
[14:28] <zumbrunn_> and this.do_home would be set to 5 (and persisted)
In the channel now:
Logs by date:
- 2009-01
- 2008-12
- 2008-11
- 2008-10
- 2008-09-30
- 2008-09-29
- 2008-09-28
- 2008-09-26
- 2008-09-24
- 2008-09-19
- 2008-09-18
- 2008-09-16
- 2008-09-15
- 2008-09-14
- 2008-09-13
- 2008-09-12
- 2008-09-10
- 2008-09-08
- 2008-09-07
- 2008-09-06
- 2008-09-05
- 2008-09-04
- 2008-09-03
- 2008-09-02
- 2008-09-01
- 2008-08
- 2008-07
- 2008-06
- 2008-05
- 2008-04
- 2008-03
- 2008-02
- 2008-01
- 2007-12
- 2007-11
- 2007-10
- 2007-09
- 2007-08
- 2007-07
- 2007-06
- 2007-05
- 2007-04
- 2007-03