Chris wrote:
I guess the trick is fixing it (breaking it?) so this works without opening up any vectors for injection attacks. Would it be safe to exclude the "control" list from being escaped like this? It seems that only attributes in the the request and proxy-request lists would be the real problems.
Yes and no. The best way is via a "tainted" flag, like Perl. But that involves a lot more work.
Would it have been so difficult to say "man unlang see update" instead of just "man unlang"? You spent more time complaining about the way I asked the question than it would have taken to answer it. ;)
Exactly. I wish to emphasize *thinking* and *reading*. Answering questions by cutting & pasting portions of the documentation is a disservice to everyone. It has it's appeal, but it's wrong. Alan DeKok.