system command and dummy fields
Kenneth Brody
kenbrody at bestweb.net
Mon May 19 07:42:18 PDT 2008
(Top-posting corrected.)
Quoting Dennis Malen (Mon, 19 May 2008 10:09:25 -0400):
> From: "Walter Vaughan" <wvaughan at steelerubber.com>
[...]
>> Dennis Malen wrote:
>>
>>> Just want to report that the following works. This opens up a tremendous
>>> amount of opportunities to control reports that are to be run and which
>>> can be changed on the fly without entering processing.
>>>
>>> ------- - - - - - - - - - - - - - -
>>> ~ If:
>>> Then: ba=7;bc=8
>>> ------- - - - - - - - - - - - - - -
>>> ~ If:
>>> Then: system "/appl/fp/rreport"<(ba)<"-f"<(bc)<"-v vrab -a -u"
>>>
>> Also be aware that fields 7 and 8 are now vectors that can get you in
>> trouble.
>> If someone puts "; evil_command; " in one of those fields, they have
>> full access to whatever filepro has as well. Delete, change records,
>> logs, etc... at will
>>
>> You might want to strip those fields of semicolons for auditing purposes.
>
> I am not clear on where you want me to remove the semicolons.
What happens if field 7 contains "; format c: /y ;" ?
--
Read the truth behind the movie "Expelled" at <http://www.ExpelledExposed.com>
--
KenBrody at BestWeb dot net spamtrap: <g8ymh8uf001 at sneakemail.com>
http://www.hvcomputer.com
http://www.fileProPlus.com
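
An added example, not part of the original post or of filePro: a Python sketch of the check discussed in this thread, applied to the two field values before they reach the rreport command line. It goes beyond stripping semicolons by allowlisting the characters a value may contain. The function names, the sample values and the allowlist pattern are assumptions made for illustration.

```python
import re
import shlex

# Assumed policy: values are letters, digits, "_", "." and "-", at most 32
# characters, and never start with "-" (so a value cannot pose as an option).
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")


def naive_command(field7, field8):
    """Mimic the concatenated string handed to the shell in the quoted line."""
    return f"/appl/fp/rreport {field7} -f {field8} -v vrab -a -u"


def shell_control_tokens(command_line):
    """List the control operators (; & | ...) a POSIX-style lexer finds."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and all(ch in "();<>|&" for ch in tok)]


def build_rreport_argv(field7, field8):
    """Validate both fields, then return an argv list (no shell parsing)."""
    for label, value in (("field 7", field7), ("field 8", field8)):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"{label} rejected: {value!r}")
    # Suitable for subprocess.run(argv) without shell=True.
    return ["/appl/fp/rreport", field7, "-f", field8, "-v", "vrab", "-a", "-u"]


if __name__ == "__main__":
    # Constructed sample values; the second field-7 value is the one quoted above.
    for f7 in ("invoices", "; evil_command; "):
        print(repr(f7), "->", shell_control_tokens(naive_command(f7, "monthly")))
        try:
            print("  argv:", build_rreport_argv(f7, "monthly"))
        except ValueError as err:
            print("  blocked:", err)
```
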