Bug in statuswml.cgi with Acknowledging Services

Jon Angliss jon at netdork.net
Tue Aug 12 23:37:07 CEST 2008


On Tue, 12 Aug 2008 05:35:59 -0700 (PDT), Benjamin Schmaus
<schmaustech at yahoo.com> wrote:

>This was causing the "Your're not authorized" for me in my environment. 
>
> I removed the url_encode() off the service description and the correct value was passed.  You may be correct with regards to 
> special characters, however I was only trying to figure out how to get the value to correctly show for the service so I could acknowledge 
> the service state.  This is by no means the correct fix, but a way to expose the issue.
>
>If you use a WAP browser, like Klondike or the Mozilla WML plugin, you can view the WAP interface without a cell phone.  Further you 
> can look at the WML source of the form and clearly see that the postfield name for service had the value set as the hostname. 

Heh, that's really weird.  It passes service_desc as a variable to
url_encode, and returns the host name... That sounds like an
interesting bug in url_encode.  The change fixes the issue, and
probably needs to be applied else where.

As Armin mentioned, we probably need to look at the "Variables encoded
twice" thread too, though this seems slightly different that an input
variable is being changed.  It sounds like a bug in url_encode rather
than in the fact that url_encode was being called.

At least now I can ACK my problems :)
-- 
Jon Angliss


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/




More information about the Developers mailing list