Neo-Hippie Ramblings - I'm a Non-Conformist Just Like All My Friends: Hacking my employer's intranet - part ii

Thursday, January 27, 2005

Hacking my employer's intranet - part ii

This time around, it looks like the data entry fields are definitely all sanitized. Anything funky I try to pass through shows up verbatim... Database linkage seems to be solid, too.

Ok, let's mess around with the field edits.... I'm getting several edits for required entries, and one field that requires a single character entry. Everything looks ok so I enter some records.

On one particular record, I enter all the required data to pass the edits, select the date field at the very end of the available date range using the calendar function, leave the cursor at the end of an edited field and press <Enter> instead of clicking the Add button.

Bam: Dialog Box -- 'Delete this record? y/n'. Hmmm... that's weird, I wasn't trying to delete a record. I click 'No' and go back to the record. Change the date to something close to the present, put the cursor back where it was and press <Enter> again.

Dialog Box -- 'Delete this record? y/n'. Ok, so it wasn't the date boundary. This time, I click 'Yes'. A previous entry that I wasn't even editing, the first on the list, gets deleted. Hmmm.... curiouser and curiouser.

Ok, now what happens if there aren't any records to delete? I delete all the existing records, leaving only an active pending record. Enter text to pass all the edits, put the cursor back into the text field and press <Enter>.

Dialog Box -- 'Record Added'.

LMAO Sure, why not!

Ok, it's all starting to make sense now. There's a graphical button at the beginning of each existing or pending record. The first record in the list is somehow retaining focus, even though the cursor is elsewhere and there's no indication of focus on screen. Pressing <Enter> triggers the button.

Write it up and pass it on... tune in next week for more fun with Web-based status reporting.

0 Old Comments: