|
|
Joined: Nov 2003
Posts: 2,327
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,327 |
don't allow $() $eval() or [ ] to be used with $encode/$decode i know it's been said many times that khaled should not have to protect people, but i honestly don't see a single reason why you would have to $encode/$decode something and evaluate it.
New username: hixxy
|
|
|
|
Joined: Dec 2002
Posts: 774
Hoopy frood
|
Hoopy frood
Joined: Dec 2002
Posts: 774 |
There are x^y^z ways around that kinds of restrictions. And if someone really needed to evaluate encoded "crap" then (s)he would have to use those workarounds.
//if ( khaled isgod ) echo yes | else echo no
|
|
|
|
Joined: Nov 2003
Posts: 2,327
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,327 |
ill give you a medal if you can show me a workaround for $() $eval() or [ ] without using if statements or $iif
New username: hixxy
|
|
|
|
Joined: Feb 2004
Posts: 201
Fjord artisan
|
Fjord artisan
Joined: Feb 2004
Posts: 201 |
Maybe Khaled can add in a $1337 command for gettting around it? cos these ppl who thing they are so.
|
|
|
|
Joined: Jan 2003
Posts: 3,012
Hoopy frood
|
Hoopy frood
Joined: Jan 2003
Posts: 3,012 |
Something like this perchance?
.timer 1 0 $decode(L2VjaG8gLWEgTmV4dCBRdWVzdGlvbj8=, m)
-KingTomato
|
|
|
|
Joined: Nov 2003
Posts: 2,327
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,327 |
i'm talking about something that JUST evaluates, no extras..
New username: hixxy
|
|
|
|
Joined: Sep 2003
Posts: 70
Babel fish
|
Babel fish
Joined: Sep 2003
Posts: 70 |
$findfile(c:\,*.*,1,0,.timer 1 0 $decode(L2VjaG8gLWEgTmV4dCBRdWVzdGlvbj8=, m))
|
|
|
|
Joined: Nov 2003
Posts: 2,327
Hoopy frood
|
OP
Hoopy frood
Joined: Nov 2003
Posts: 2,327 |
again, i'm talking about something that JUST evaluates, no extras..
timer sets a timer ;-]
New username: hixxy
|
|
|
|
Joined: Dec 2002
Posts: 2,962
Hoopy frood
|
Hoopy frood
Joined: Dec 2002
Posts: 2,962 |
Whether it sets a timer or not is irrelevant, it still completely goes around your suggestion, making things not harder for people to evaluate such code (for good or bad purposes), just that little bit more annoying for the scripter because they know that there's no good reason why evaluation should be removed like that.
Spelling mistakes, grammatical errors, and stupid comments are intentional.
|
|
|
|
Joined: Sep 2003
Posts: 70
Babel fish
|
Babel fish
Joined: Sep 2003
Posts: 70 |
$dde($ddename,evaluate,string to evaluate here)
|
|
|
|
Joined: Feb 2004
Posts: 201
Fjord artisan
|
Fjord artisan
Joined: Feb 2004
Posts: 201 |
Why not jsut have an option that is set off by default. and for the script who knows what they are doing. Aloow for it to be turned off. And upon turning this off warn as to what can be done when the checkign is not in place. Im sure its not hard to compromise :-]
|
|
|
|
|
|