Indeed , thanks for point it out Pablo.. Now what should i just edit and patch and the file and then reload Ape or I have to reinstall all over?
On Dec 12, 10:20 am, Pablo Tejada <[email protected]> wrote: > He did mentioned src/cmd.c > On Dec 12, 2012 1:15 PM, "UTAN" <[email protected]> wrote: > > > > > > > > > Have you released any patch, if you made some workaround what file > > should we patch? > > > On Dec 11, 3:56 am, tr!ckle <[email protected]> wrote: > > > I managed recently with an issue that allows to inject any js script by > > > preparing link like: > >http://your.ape.server.domain/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]}}] > > > > It allows either attach script from your url or inject script directly > > such > > > as in this example. > > > > The solution for this issue is to filter both params domain and scripts > > in > > > file src/cmd.c (function: cmd_script()) in ape server. > > > -- > > You received this message because you are subscribed to the Google > > Groups "APE Project" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > >http://groups.google.com/group/ape-project?hl=en > > --- > > APE Project (Ajax Push Engine) > > Official website :http://www.ape-project.org/ > > Git Hub :http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
