On Fri, Jun 28, 2002 at 06:32:48AM -0700, George Greer wrote:
> You're not preserving the %-signs of the original string properly. Either
> you translated them away when you saved the trigger or you're not
> displaying them properly. Either double the %-signs that shouldn't be
> interpreted or make sure they're not part of the format string but in one
> of the %s-declared buffers.
I suspect you've hit it. I agree, it looks like a format string bug
in action. So guess I'll need to overhaul all DG's send_to_char()
calls with a "%s" anyway. Could be worse. This way I fix the bug and
tighten security back to some semblance of Circle core's code at the
same time...
--
{ IRL(Jeremy_Stanley); SMTP(fungi@yuggoth.org); ICQ(114362511);
WWW(http://fungi.yuggoth.org/); IRC(fungi@irc.yuggoth.org#ccl);
PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657); }
--
+---------------------------------------------------------------+
| FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
| Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
| Newbie List: http://groups.yahoo.com/group/circle-newbies/ |
+---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/25/03 PDT