Editing version 18 of page Discuss_Version_0.60_DevTrack (this is the most recent revision)
Taint mode (-T) is turned on, however not all shell expansions are untainted. This will generate errors in some installations (apparently not in my dev environment though... weird).
Here are the lines that include shell expansion:
{{{
654: $line =~ s#\`{1}(.*?)\`{1}#<tt>$1</tt>#g;
741: '`<tt>teletype</tt>`</dd>'.
1400: $diff = `diff $TempDir/old $TempDir/new`;
1516: my $diff = `diff $TempDir/old $TempDir/new`;
1645: print $q->p("perl: ".`perl -v`);
1646: print $q->p("diff: ".`diff --version`);
1647: print $q->p("grep: ".`grep --version`);
1648: print $q->p("awk: ".`awk --version`);
2289: chomp(my @files = `grep -Prl '$Param{'search'}' $PageDir`);
2990: my $diff = `diff $TempDir/old $TempDir/new`;
3179: chomp(my @counts = split(/\n/,`grep ^$UserIP $VisitorLog | awk '\$2>$spts'`));
}}}
For sure lines 1400, 1516, 2289, 2990, and 3179 should be examined closely.
-- [[AaronGraves|AaronGraves]] //Thu Jun 23 03:57:33 UTC 2016// (107.167.108.182)
----
Lines 1400, 1516, 2289, and 2990 have been untainted. 3179 (now 3194) remains.
-- [[AaronGraves|AaronGraves]] //Thu Jun 23 04:21:45 UTC 2016// (107.167.108.182)
----
Some untainting methods: [[http://www.perlmonks.org/?node_id=516577]]
-- [[AaronGraves|AaronGraves]] //Thu Jun 23 16:10:23 UTC 2016// (107.167.108.182)
----
In `DoSearch`, line 2394:
{{{
open my($FILES), "grep -Erli '($search|$altsearch)' $PageDir 2>/dev/null |";
}}}
This needs to be untainted too.
-- [[AaronGraves|AaronGraves]] //Thu Jun 23 17:15:55 UTC 2016// (107.167.108.182)
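Added example, not from aneuch.pl or any poster here: one way to run the `DoSearch` grep without a shell, so the search term reaches grep as a single argument. The helper names, the allow-list pattern, the fixed-string `-F` match (the original line uses `-E` with an alternation) and the sample pages are assumptions.

```perl
# Run as: perl -T search_demo.pl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Under -T, running any command dies while PATH is still tainted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: allow-list the term; the capture is what untaints it.
sub untaint_search {
    my ($term) = @_;
    return undef unless defined $term;
    return $term =~ /\A([\w .-]{1,64})\z/ ? $1 : undef;
}

# Hypothetical helper: list files containing $term without invoking a shell.
sub find_pages {
    my ($term, $dir) = @_;
    my $clean = untaint_search($term);
    return () unless defined $clean;
    # List-form pipe open: arguments go straight to grep, nothing is parsed
    # by /bin/sh. -F matches a fixed string, -e keeps a leading "-" from
    # being read as an option.
    open(my $fh, '-|', 'grep', '-rliF', '-e', $clean, '--', $dir)
        or die "cannot run grep: $!";
    chomp(my @files = <$fh>);
    close $fh;    # grep exits 1 on "no match", so the status is not checked
    return sort @files;
}

# Constructed sample pages in a scratch directory.
my $dir = tempdir();
my %pages = (PageOne => "taint mode notes\n", PageTwo => "bootstrap notes\n");
for my $name (sort keys %pages) {
    open(my $out, '>', "$dir/$name") or die "cannot write $name: $!";
    print {$out} $pages{$name};
    close $out;
}

# Constructed inputs: one ordinary term, one carrying shell metacharacters.
for my $term ('taint', q{a'; echo b; '}) {
    my @hits = find_pages($term, $dir);
    printf "%-18s => %d file(s)\n", "[$term]", scalar @hits;
}

unlink "$dir/PageOne", "$dir/PageTwo";
rmdir $dir;
```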
----
In addition to the above, this will have to be corrected in ListAllFiles, ListAllTemplates, and ListDeletedPages.
-- [[AaronGraves|AaronGraves]] //Thu Jun 23 17:33:21 UTC 2016// (107.167.108.182)
----
For untainting, see [[https://github.com/ajgraves/aneuch/issues/32]]
-- [[AaronGraves|AaronGraves]] //Fri Jun 24 04:23:51 UTC 2016// (107.167.108.182)
----
For 3179 I would suggest something like this for line 253:
{{{
$UserIP = $q->remote_addr; #$ENV{'REMOTE_ADDR'};
if ($UserIP =~ /^([0-9.]+)$/) {
    $UserIP = $1;
} else {
    $UserIP = '000.000.000.000'; # Redirect to an error page instead?
}
}}}
-- Russ //Sun Jun 26 19:21:16 UTC 2016// (24.113.55.207)
----
Thanks Russ, actually what I used was:
{{{
my ($UIP) = ($UserIP =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/g); # nnn.nnn.nnn.nnn
}}}
-- [[AaronGraves|AaronGraves]] //Tue Jun 28 01:33:48 UTC 2016// (107.167.108.182)
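Added example, not from aneuch.pl or either poster: the line 3179 lookup done in Perl rather than through `grep | awk`, with the address validated first. The helper names, the whitespace-separated log layout (address, then a numeric second field, inferred from the `awk '$2>...'` test) and the sample lines are assumptions; it goes beyond the posts by rejecting octets above 255 and by matching the address exactly.

```perl
# Run as: perl -T visits_demo.pl
use strict;
use warnings;

# Hypothetical helper: return an untainted dotted quad, or undef.
sub untaint_ipv4 {
    my ($raw) = @_;
    return undef unless defined $raw;
    # The captures are what taint mode accepts as clean data.
    my @octets = $raw =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return undef if @octets != 4 || grep { $_ > 255 } @octets;
    return join '.', @octets;
}

# Hypothetical helper: count lines for exactly $ip whose second field is
# above $threshold. No external command runs, so nothing reaches a shell.
sub count_visits {
    my ($fh, $ip, $threshold) = @_;
    my $count = 0;
    while (my $line = <$fh>) {
        my ($addr, $value) = split ' ', $line;
        next unless defined $value && $value =~ /\A\d+\z/;
        $count++ if $addr eq $ip && $value > $threshold;
    }
    return $count;
}

# Constructed log. A pattern of ^10.0.0.1 also matches the second line
# (prefix) and the fourth (each "." matches any character).
my $log = <<'LOG';
10.0.0.1 1467000100 HomePage
10.0.0.10 1467000200 HomePage
10.0.0.1 1467000300 SandBox
10a0b0c1 1467000400 HomePage
LOG

# Constructed inputs: a valid address, an out-of-range one, trailing text.
for my $raw ('10.0.0.1', '999.1.1.1', '10.0.0.1 HomePage') {
    my $ip = untaint_ipv4($raw);
    if (!defined $ip) {
        print "[$raw] rejected\n";
        next;
    }
    open(my $fh, '<', \$log) or die "cannot open in-memory log: $!";
    printf "[%s] %d visit(s)\n", $ip, count_visits($fh, $ip, 1467000000);
    close $fh;
}
```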
----
Untainting should be completed.
-- [[AaronGraves|AaronGraves]] //Tue Jun 28 19:50:40 UTC 2016// (107.167.116.86)
----
I re-downloaded aneuch.pl today and think I found two more:
* 2869: unlink $file; (DoMaintPurgeTemp)
* 1384: if(! -d "$PageDir/$archive") { mkdir "$PageDir/$archive"; } (WritePage)
-- Russ //Mon Jul 4 03:46:58 UTC 2016// (24.113.55.207)
----
Thanks Russ, I did miss a few places. I'll go through again and make sure they are all mopped up.
-- [[AaronGraves|AaronGraves]] //Mon Jul 4 14:21:16 UTC 2016// (174.71.115.113)
----
[[http://www.w3schools.com/bootstrap/default.asp|Nice bootstrap tutorial]]
-- [[AaronGraves|AaronGraves]] //Tue Jul 12 13:54:11 UTC 2016// (174.71.115.113)
----
Update on bootstrap: The framework has been implemented. The administration screen has been updated to use the framework as well. The site is completely mobile friendly (including the admin screen). Small tweaks are likely to continue up until release.
-- [[AaronGraves|AaronGraves]] //Thu Jul 14 17:55:36 UTC 2016// (174.71.115.113)
----
I've also written a sitemap plugin. Debating including the functionality into Aneuch itself.
-- [[AaronGraves|AaronGraves]] //Thu Jul 14 17:56:24 UTC 2016// (174.71.115.113)
----
Images now have the class 'img-responsive' so they are actually, you know, responsive.
-- [[AaronGraves|AaronGraves]] //Sat Jul 23 16:42:43 UTC 2016// (216.105.250.127)
----
I should add UTF8 encoding for saving/reading files as well in this version.
-- [[AaronGraves|AaronGraves]] //Sun Jul 16 16:39:14 UTC 2017// (216.105.250.127)
----
Preferences Storage API was introduced yesterday.
Going to look at using this internally in Aneuch, for things like the content blocking rules, IP bans, etc.
I've placed an emphasis in the code that the preferences database be read only once per "session" within Aneuch. There is a small concern about the speed reduction that may take place loading a large preferences database. Ultimately I think putting the content blocking rules into this system would be a big indicator of performance as that's the largest bit of data that gets loaded every session.
Then again, I don't think it would significantly impact things, as it's already being loaded once per session. I guess time will tell.
-- [[AaronGraves|AaronGraves]] //Sun Oct 29 11:41:47 UTC 2017// (216.105.250.127)
----