merlin
Public Area Guest
Posts: 19
|
Post by merlin on May 21, 2004 11:26:03 GMT
|
|
|
Post by sparrowhawk on May 21, 2004 12:03:23 GMT
Modified:
I am checking for this exploit, but I appear to have missed some circumstances where it can occur. I'll change the code asap and upload the fix today, hopefully within the hour
|
|
merlin
Public Area Guest
Posts: 19
|
Post by merlin on May 21, 2004 12:14:01 GMT
I'm guessing it's now fixed?
|
|
|
Post by sparrowhawk on May 21, 2004 12:21:34 GMT
Yes, just uploaded it and was quickly testing it live on one of my games.
Thanks for spotting it. Actually the fix was very simple since the row and columns ahead are actually available to the Ahead/Here page without having to pass them in (they weren't when I wrote the page though, hence the querystring. I forgot to change it).
I'm going to leave the actual querystring parameters for the moment as they have no effect, but the calling page has changed a lot so I don't want to amend 2 copies concurrently.
|
|
merlin
Public Area Guest
Posts: 19
|
Post by merlin on May 21, 2004 12:24:48 GMT
I was adding an ahead button to MU/CM and noticed the perams in the HTML when I was grabbing the .php address.
|
|
|
Post by sparrowhawk on May 21, 2004 12:30:10 GMT
When you are happy that the bug is fixed, please amend the title to reflect this. thanks
|
|