> In <cfa_refreshsectionmodel>, on line 30 we see the following
>
> <cfparam name="pagetypeid" default="070DCB4A-CDA2-11D2-AE210060B0EB4972">
>
> There are similar lines for sectiontypeid, etc.
>
> The problem with this is that if a user enters a URL variable 'pagetypeid'
> the value of URL.pagetypeid will be used. So essentially any user can
> crash any Spectra application (in theory) by supplying bogus URL
> parameters.
Good catch. I'll get this into our system.
> This is very bad. How did this get through QA?
Like you, we aren't perfect.
=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : [EMAIL PROTECTED]
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
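
The pattern reported above, next to a scoped and validated form. This is an added example, not part of the original thread and not Spectra source code. The `defaultPageTypeID` variable and the `attributes.pagetypeid` caller override are assumptions made for illustration.

```cfml
<!--- Added example, not Spectra code. defaultPageTypeID and the
      attributes.pagetypeid override are hypothetical names. --->
<cfset defaultPageTypeID = "070DCB4A-CDA2-11D2-AE210060B0EB4972">

<!--- Reported pattern (left commented out): the name is unscoped, so
      cfparam's existence check walks the scope search order. If
      URL.pagetypeid is present, no default is assigned and later
      unscoped reads of pagetypeid resolve to the request value.

      <cfparam name="pagetypeid" default="#defaultPageTypeID#">
--->

<!--- Scoped form: only the tag's local Variables scope is consulted,
      so URL, Form and Cookie values cannot stand in for the default. --->
<cfparam name="variables.pagetypeid" default="#defaultPageTypeID#">

<!--- If the calling template is meant to override the value, accept it
      only from the Attributes scope and only when it has the same
      8-4-4-16 hex layout as the default. Anything else is ignored and
      the default stays in place. --->
<cfif IsDefined("attributes.pagetypeid")>
    <cfif REFindNoCase("^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{16}$",
                       attributes.pagetypeid)>
        <cfset variables.pagetypeid = attributes.pagetypeid>
    </cfif>
</cfif>

<!--- Always read the value back with its scope prefix. --->
<cfoutput>#variables.pagetypeid#</cfoutput>
```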