[ic] IC-specific hacking attempt

Doug Alcorn lathinet at yahoo.com
Sun Mar 28 17:45:59 EST 2004

"Kevin Walsh" <kevin at cursor.biz> writes:

> Doug Alcorn [lathinet at yahoo.com] wrote:
>> I applied the patch and it half-way works.  It
>> prevents the interpreting of the variable in the
>> body; however, the page still has the interpreted
>> variable in the page title.
> You are probably using @@[email protected]@ instead of
[subject] in
> parts of your missing.html.  Either correct it to
use [subject] or
> upgrade to a version of Interchange that will trap
attempts to exploit
> the problems.  I suggest doing both.
> @@[email protected]@ was patched some time ago.  A new
version to cover
> [subject] will be released soon.  It was about to be
released anyway.

I don't doubt what you say, I'm just having a hard
time figuring out what to do about it.  I'm running
Interchange 5.0.0-1 from Racke's personal debian
archive.  I did a grep MV_PREV_PAGE in my catalog's
pages directory with no hits.  What else can I change?

Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.

More information about the interchange-users mailing list