Francois Chagnon
Francois Chagnon
There's a same-origin bypass made possible by reflecting a user-supplied `param` as the first thing in a response body. More info here: http://quaxio.com/jsonp_handcrafted_flash_files/ Basically, if you return a user-supplied value...
The `get_session_model` method will store a reference to the model in `request.env[SESSION_RECORD_KEY]` when the session is loaded. Later on when saving the session, `write_session` calls `get_session_model`, which again calls the...
During a request when the session is accessed, [`load_session`](https://github.com/rack/rack/blob/65c4fcd6a0f5217f92a2d84de289cdcfea3fd490/lib/rack/session/abstract/id.rb#L312-L316) will call `find_session` which ends up calling `get_session_model`. When no session cookie is present in the browser, the `id` will be...
Was not fixed after rewriting most of the decompiler code. It is most certainly broken currently.
Overlapping registers (ah, al, ax, eax, for example) are handled as separate registers, which leads to wrong decompiled output.
Currently no attempt is done for recognizing arguments to function calls, which leads to wrong decompiled output.
There is an issue with the reporting of "grid to battery" in my off-grid setup. I use a generator as the "grid" source, which is not always online, but when...