Manipulating strings in mathbot eval
Bug #952479 reported by
aj00200
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
BBot |
Fix Released
|
High
|
Thomas Ward |
Bug Description
Using ``s in mathbot commands allows for strings to be quoted and accessed like a list.
The following exploit doesn't quite work, but it does show the danger of this bug:
?math hexec(`
The team behind this bug has been kept Anonymous. Thank you for reporting :)
visibility: | private → public |
Changed in bbottheircbot: | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.
Here is another example just for fun: (0,0),( 0.5,1), (1,0))` [4]+`geo. triangle( (0,0),( 0.5,1), (1,0))` [70]*2
?math `geo.triangle(