[thesite] test.evolt - urls to articles
Oliver Lineham
oliver at lineham.co.nz
Tue Nov 21 18:38:25 CST 2000
At 16:09 21/11/2000 -0800, you wrote:
>i was referring more to the methodology of breaking up a site into various
yes, i'm fine with fusebox. i was simply wondering about the lack of the
"real" cfm filename. which you answered.
>:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>: (aside: here's an interesting one .. why does
>: http://test.evolt.org/index.cfm/article/view/18/4109/
>:
>: return all 669 "new" articles? ;)
>:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>that's an easy one. cause it's not parsing that malformed url you're
>using - nothing interesting about that. <duck>
except that normally you'd expect a watertight application to recognise
when its parameters are invalid, and revert to some default (such as an
error, or the vanilla front page).
with sufficient input checking, it shouldn't ever be possible to trick any
cgi into doing something unintended.
</ol>
____________________________________________________
v i b e m e d i a http://www.vibe.co.nz/
po box 10-492 wellington, new zealand
phone +64 21 210-7845 oliver at lineham.co.nz
More information about the thesite
mailing list