Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#56830 - 09/01/2002 08:15 DisplayServer and slashes in MP3 titles
jdandrea
member

Registered: 07/11/2001
Posts: 188
Loc: New Jersey
With Frank MIA at the moment (I hope all is well though!) I'm not sure if this can even be addressed, but since there is potential reverse engineering activity afoot in the near term, I thought I'd mention it so it is logged somewhere.

The getfid CGI in DisplayServer lets you get raw (mp3) output and it includes a "savefile" parameter. Turns out that slashes within MP3 titles aren't being escaped to hex in the URI (/ = %2F). This can have some undesirable effects, such as the filename being truncated to whatever follows the last slash.

Not a show-stopper, but it's not expected behavior.
_________________________
-- JD - SN# 040104008 (120GB Blue, Digital Out)

Top
#56831 - 09/01/2002 08:46 Re: DisplayServer and slashes in MP3 titles [Re: jdandrea]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Greetings!

I hacked apart the ds2 beta 2 to create a minimal installation. The fix is extremely easy, if I remember correctly. Just take a look at the javascript in browse.html for more info. I think that is where it is being displayed, in javascript. You can escape it there.
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

Top