Poll

Should I add increased BLID gathering abilities to Support_Updater and make a public, searchable list of BLIDs and names?

Yes
34 (81%)
No
8 (19%)

Total Members Voted: 42

Author Topic: Support_Updater  (Read 53866 times)

The cool thing about expandEscape() is that it grows exponentially, so if you call it on a string n times, you end up with a string of length 2^n

Well maybe but it's not necessary for this at all

It needs to be called at least once if you are planning on using the string in an eval statement.  Otherwise, you get code injection vulnerabilities.  The issue here is that it is being done twice, which turns " -> \" -> \\\".

You don't need to use the string in an eval statement though. Calling eval inside a function uses the same context, so you can easily access local variables.

I will experiment with that when I get some time.

In fact, the only time you should ever include input in an eval statement is if the input is a function name or part of an expression.

This will echo "test" and "blah":
%val = "test";
%blah = "blah";

eval("echo(%val);");

eval("%val = %blah;");
echo(%val);
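
The single versus double escaping discussed in the posts above, as an added Python model that is not code from the thread or from Support_Updater. `expand_escape` is a simplified stand-in for expandEscape() that handles only `"` and `\`, `read_literal` stands in for the one unescape pass a parser makes over the eval source, and the sample string is constructed.

```python
# Simplified model (assumption): only '"' and '\' are escaped; the real
# expandEscape() also covers other characters.
def expand_escape(s):
    return s.replace("\\", "\\\\").replace('"', '\\"')


def read_literal(src):
    """Read one double-quoted literal at the start of src, the way a parser
    would. Returns (decoded value, remaining source text)."""
    if not src.startswith('"'):
        raise ValueError("source must start with a string literal")
    out, i = [], 1
    while i < len(src):
        c = src[i]
        if c == "\\" and i + 1 < len(src):
            out.append(src[i + 1])      # escaped char is taken literally
            i += 2
        elif c == '"':
            return "".join(out), src[i + 1:]   # literal ends here
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")


def build_and_parse(value, times):
    """Escape value `times` times, splice it into "<value>"; and parse once."""
    for _ in range(times):
        value = expand_escape(value)
    return read_literal('"' + value + '";')


def growth(s, n):
    """Lengths of s after 0..n repeated escapes."""
    lengths = [len(s)]
    for _ in range(n):
        s = expand_escape(s)
        lengths.append(len(s))
    return lengths


SAMPLE = 'say "hi"'   # constructed input containing quotes

if __name__ == "__main__":
    for times in (0, 1, 2):
        value, rest = build_and_parse(SAMPLE, times)
        # rest == ";" means the input stayed inside the string literal
        print(times, repr(value), repr(rest))
    print(growth('"', 5))
```

With no escaping the literal ends at the first quote in the input and the remainder is parsed as code; with one pass the value round-trips; with two passes the parsed value still carries the first pass's backslashes.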

An update has been released. Thanks for your help!

heh it seems sort of funny that you can update the updater with the updater

until an update breaks the updater and you need another update to update the updater so it updates again