|
|
Joined: Nov 2003
Posts: 2,321
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,321 |
don't allow $() $eval() or [ ] to be used with $encode/$decode i know it's been said many times that khaled should not have to protect people, but i honestly don't see a single reason why you would have to $encode/$decode something and evaluate it.
|
|
|
|
theRat
|
theRat
|
There are x^y^z ways around that kinds of restrictions. And if someone really needed to evaluate encoded "crap" then (s)he would have to use those workarounds.
|
|
|
|
Joined: Nov 2003
Posts: 2,321
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,321 |
ill give you a medal if you can show me a workaround for $() $eval() or [ ] without using if statements or $iif
|
|
|
|
Joined: Feb 2004
Posts: 201
Fjord artisan
|
Fjord artisan
Joined: Feb 2004
Posts: 201 |
Maybe Khaled can add in a $1337 command for gettting around it? cos these ppl who thing they are so.
|
|
|
|
Joined: Jan 2003
Posts: 2,973
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 2,973 |
Something like this perchance?
.timer 1 0 $decode(L2VjaG8gLWEgTmV4dCBRdWVzdGlvbj8=, m)
|
|
|
|
Joined: Nov 2003
Posts: 2,321
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,321 |
i'm talking about something that JUST evaluates, no extras..
|
|
|
|
madewokherd
|
madewokherd
|
$findfile(c:\,*.*,1,0,.timer 1 0 $decode(L2VjaG8gLWEgTmV4dCBRdWVzdGlvbj8=, m))
|
|
|
|
Joined: Nov 2003
Posts: 2,321
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,321 |
again, i'm talking about something that JUST evaluates, no extras..
timer sets a timer ;-]
|
|
|
|
Joined: Dec 2002
Posts: 2,884
Hoopy frood
|
Hoopy frood
Joined: Dec 2002
Posts: 2,884 |
Whether it sets a timer or not is irrelevant, it still completely goes around your suggestion, making things not harder for people to evaluate such code (for good or bad purposes), just that little bit more annoying for the scripter because they know that there's no good reason why evaluation should be removed like that.
|
|
|
|
madewokherd
|
madewokherd
|
$dde($ddename,evaluate,string to evaluate here)
|
|
|
|
Joined: Feb 2004
Posts: 201
Fjord artisan
|
Fjord artisan
Joined: Feb 2004
Posts: 201 |
Why not jsut have an option that is set off by default. and for the script who knows what they are doing. Aloow for it to be turned off. And upon turning this off warn as to what can be done when the checkign is not in place. Im sure its not hard to compromise :-]
|
|
|
|
|
|