Forum OpenACS Development: ad_proc and switches...

Posted by Robert Locke on

Defining a procedure with "ad_proc" instead of the usual "proc" command offers many advantages such as defining switches, etc.

However, there is a catch. Let's say you call a function to convert a variable from text to HTML:
    ad_text_to_html $message

If the $message variable contains a "-" as the first character, then that will get interpreted as a switch to the "ad_text_to_html" procedure, and an error will result.

The solution is to utilize "--" to denote that there are no more switches following and that $message is the first argument:
    ad_text_to_html -- $message

Sorry if you already knew this, but I'm posting this in the hopes that it might help somebody some day... =)

Posted by Lars Pind on
The same is the case with a number of Tcl built-ins that take switches ("switch", for example): If the argument that you supply to it _may_ start with a dash, you should use a "--" before that argument. That's why you see things like

switch -- $foo {

all over the place.

Posted by Kjell Wooding on
I noticed this way back when doing a bit of a security audit on
a project with a 3.4.10 codebase. It seems you can cause all KINDS of
craziness by passing form variables that start with dashes. If you
know how the code behaves, you have the potential to cause a lot
of damage.

In other words, I think it's a vulnerability waiting to happen -
similar to the old SQL smuggling attacks.

I ended up recommending we sweep the code and put "--" everywhere
where it wasn't already. It's not a great fix, though, because it is
too easy to miss.