They say it's been phased out. I hope.
-
```sql
function WordSzablon (nrowid number) return VARCHAR2 is
  (...)
  cStmt VARCHAR2(32000);
  (...)
begin
  (...)
  cStmt := '
  <script>
  function openword() {
    try {
      owordappl = new ActiveXObject("Word.Application");
    } catch (e) {
      alert(''Excel(sic!) cannot be opened.'');
      return;
    }
    try {
      oworddoc = owordappl.Documents.Open("c:\\hard\\coded\\path\\template.doc", 0, true)
    } catch (e) {
      alert("Template not found.");
      return;
    }
    owordappl.Selection.Find.ClearFormatting();
    // owordappl.Selection.Find.Text="lk";
    owordappl.Selection.Find.Replacement.ClearFormatting();
    // owordappl.Selection.Find.Replacement.Text="AAA";
    owordappl.Selection.Find.Execute("variablenamevariable",-1,0,0,0,-1,-1,1,-1,"'||name||'",2);
    owordappl.Selection.Find.Execute("variableidnumbervariable",-1,0,0,0,-1,-1,1,-1,"'||idnumber||'",2);
    //snip: more of that...
    //oworddoc.Tables.Add(oworddoc.Range(0,0),8,9);
    owordappl.ScreenUpdating = true;
    owordappl.Visible = true;
  }
  function openword2() {
    //same thing, with a different hardcoded path
  }
  </script>
  ';
end;
```
SQL which spits out a `<script>` which contains ActiveX which opens Word and does automatic search-and-replace on tags (creatively called `variablexxxvariable`, where `xxx` is a unique ID). Eww.
-
(yep. that expression is just about perfect reaction for this code)
-
(yep. that expression is just about perfect reaction for this code)
I'm going for this:
-
SQL which spits out a `<script>` which contains ActiveX which opens Word and does automatic search-and-replace on tags (creatively called `variablexxxvariable`, where `xxx` is a unique ID).
All that's missing is the wooden table…
-
SQL which spits out a `<script>` which contains ActiveX which opens Word and does automatic search-and-replace on tags (creatively called `variablexxxvariable`, where `xxx` is a unique ID)
I did not know Rube Goldberg was also a programmer...
-
All that's missing is the wooden table…
BRB, getting a printer, a digital camera and an Arduino...
-
SQL which spits out a `<script>` which contains ActiveX which opens Word and does automatic search-and-replace on tags (creatively called `variablexxxvariable`, where `xxx` is a unique ID).
And leaves Word open, and hangs SQL Server if it can't find "Excel" until the MessageBox is dismissed. On the server.
-
BRB, getting a printer, a digital camera and an Arduino...
Hmmmm, we could have the printer feed in to a scanner and then put the wooden table in with Photoshop. Efficiency!
-
You, sir, are an evil genius.
-
hangs SQL Server
Wow...you can summon ActiveX from inside TSQL‽ Now I am glad I work with Oracle.
-
SQL Server
We wish. That's Oracle.
Also, that goes on the webpage (I hope), so it opens Word ("Excel") on the user's PC.
That being said, we do use Excel and Word interop for other stuff, so a messagebox on the server is still a real threat...
-
And leaves Word open, and hangs SQL Server if it can't find "Excel" until the MessageBox is dismissed. On the *server*.
Are you sure this code runs on the database server? Given the `<script>` tags in the output I'd assume the result is pasted into an HTML page and sent to a user's browser for processing... EDIT: Hanzo'd
-
We wish. That's Oracle.
Oh, I see...you're returning stuff that's getting put into a web page or something.
-
Either that, or we've written a HTML/JS parser in PL/SQL, which also does ActiveX.
Honestly? With that project, I wouldn't even be surprised.
-
... yes, you can summon ActiveX and Active Scripting from inside TSQL, using the right sprocs. Yes, that's every bit as dangerous as it sounds.
-
yes, you can summon ActiveX and Active Scripting from inside TSQL, using the right sprocs. Yes, that's every bit as dangerous as it sounds.
File upload -> SQLi -> Local Privilege Escalation = pwn, it sounds like...
-
That's why the permissions for those sprocs default to `sa` only and require special permissions bits on your login. Along with gigantic warnings in the docs about exactly that pwn. Doesn't stop some people though.
-
Bonus WTF:
In another place, the thing takes the list of filters from some table and applies them to a concatenated SQL statement - obviously by concatenation. But wait! If there are no filters, we want to show some button in a different state. How do we do it?
First, in the database:
```sql
IF cWhere IS NULL THEN
  cWhere := ' AND 1=1 ';
END IF;
--more concatenation follows
pcOutReport := /*some unrelated stuff*/ || cWhere;
```
Then, in the code proper:
```csharp
protected void SqlDataSourceXYZSelected(object sender, SqlDataSourceStatusEventArgs e)
{
    var value = e.Command.Parameters["pcOutReport"].Value.ToString();
    SqlDataSourceXYZ.SelectParameters["pcOutReport"].DefaultValue = value;
    _filterSet = !(value.IndexOf("1=1") > 0);
}
```
Of course, that clever parsing broke the usual `'WHERE 1=1 ' || list_of_conditions` pattern, so this time we have
```sql
if cWhere is not null then
  cWhere := ' AND (2=2 ' || cWhere || ')';
end if;
```
And woe be upon thee if you have a `Thing1` column, filter it to `1` and forget a space. But that's never gonna happen, right?
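The false positive from that `1=1` sniffing, as an added example that is not the thread's code: Python with sqlite3 on a constructed table (column names, rows and the `ALLOWED_COLUMNS` list are assumptions), showing the legacy concatenation plus `IndexOf("1=1")` check beside a builder that binds values and tracks "any filters" explicitly.

```python
import sqlite3

# Constructed sample table (assumed, not the thread's schema): it has a column
# literally named Thing1, the case the post warns about.
ALLOWED_COLUMNS = {"id", "Thing1", "label"}
ROWS = [(1, 1, "a"), (2, 2, "b"), (3, 1, "c")]


def legacy_where(filters):
    """Mimic the PL/SQL: concatenate col=val pairs, else fall back to ' AND 1=1 '."""
    c_where = "".join(f" AND {col}={val}" for col, val in filters)
    return c_where if c_where else " AND 1=1 "


def legacy_filter_set(c_where):
    """Mimic the C# sniffing: _filterSet = !(value.IndexOf("1=1") > 0)."""
    return not (c_where.find("1=1") > 0)


def safe_where(filters):
    """Allow-listed column names, bound values, and an explicit 'filtered' flag."""
    for col, _ in filters:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown column {col!r}")
    sql = "".join(f" AND {col} = ?" for col, _ in filters)
    return sql, [val for _, val in filters], bool(filters)


def run(where_suffix, params=()):
    """Execute the filtered query against an in-memory copy of the sample table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE t (id INTEGER, Thing1 INTEGER, label TEXT)")
    con.executemany("INSERT INTO t VALUES (?, ?, ?)", ROWS)
    rows = con.execute("SELECT id FROM t WHERE 1=1" + where_suffix, params).fetchall()
    con.close()
    return [r[0] for r in rows]


def compare(filters):
    """Return (legacy flag, safe flag, ids): both queries select the same rows,
    but the sniffed flag is wrong whenever the text happens to contain '1=1'."""
    c_where = legacy_where(filters)
    sql, params, flagged = safe_where(filters)
    ids = run(sql, params)
    assert ids == run(c_where)
    return legacy_filter_set(c_where), flagged, ids


if __name__ == "__main__":
    print(compare([]))                # (False, False, [1, 2, 3])
    print(compare([("Thing1", 1)]))   # (False, True, [1, 3])  sniffing misfires
    print(compare([("id", 2)]))       # (True, True, [2])
```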
-
Bonus bonus WTF:
Another case of string replacement in Word, this time (luckily) in code, but using the same insane tags. A "description" field apparently didn't fit in a `VARCHAR`, so they split it into `Description1` and `Description2` in the DB - but there's only one tag to replace in Word, a single `variabledescriptionvariable`. What do we do?
```csharp
ReplaceInWord("variabledesc", row.Description1);
ReplaceInWord("riptionvariable", row.Description2);
```
-
```csharp
ReplaceInWord("variabledesc", row.Description1);
ReplaceInWord("riptionvariable", row.Description2);
```
And once again, I buttume this gets fun with spaces *if* it doesn't get split in the middle of the word.
-
```csharp
ReplaceInWord("variabledesc", row.Description1);
ReplaceInWord("riptionvariable", row.Description2);
```
What are you complaining about ... this is ingenues ... brillant even!
-
Seems like someone's thought outside the box. And then shat all over the box.
-
I don't think that adequately conveys the horror.
-
It's the best I have I'm afraid; I had a bit of a clear-out yesterday.
-
There are macros that don't use that character.
-
True, but I don't have any saved
-
GIS "expressions of horror".
This could be @boomzilla's next avatar. Have a bonus:
https://p.gr-assets.com/540x540/fit/hostedimages/1380911427/3196651.jpg
If those suffer hotlink failure, let me know and I'll upload 'em.
-
I'm sure I'm able to GIS for stuff
I'll likely eventually cycle the Amy images out in favour of others anyway
-
Wait… that's a head poking out of a box? I always thought it was hunched shoulders!
-
Conveys the horror of the poster and causes genuine horror in the reader.
Impressive.
-
I'll likely eventually cycle the Amy images out in favour of others anyway
-
I'll likely eventually cycle the Amy images out in favour of others anyway
Who's Amy?
-
Amy Rose. That's the hedgehog posing for her avatar's name.
-
that's the hedgehog posing for her avatar's name
Why does @RaceProUK's avatar have a name?
-
'eventually' does mean between now and the heat death of the universe ;)
-
Why does @RaceProUK's avatar have a name?
The character posing for the picture does....
The gramming is hard on that one!
-
Why does @RaceProUK's avatar have a name?
Ask Kazuyuki Hoshino, the guy who created her ;)
-
Is he on the forum?
-
You could put a bunch of those boxes in a square grid and play whack-a-jeff ...
-
or a discodev skinned version of 2048?
-
Wow...you can summon ActiveX from inside TSQL‽ Now I am glad I work with Oracle.
We wish. That's Oracle.