Document management: Difference between revisions

From Hackspire
Jump to navigation Jump to search
(Add string variable type and EE character)
(Typo and grammar fixes)
Line 5: Line 5:
Bold words are used as keywords for quick reference.
Bold words are used as keywords for quick reference.


''Please keep in mind before adding any elements to this list that has long as a way to bypass the downgrade protection has not been found, too many details on leads to possible exploits to execute arbitrary code should preferably not be posted here.''
''Please keep in mind before adding any elements to this list that as long as a way to bypass the downgrade protection has not been found, too many details on leads to possible exploits to execute arbitrary code should preferably not be posted here.''
*The '''Computer Link Software''' doesn't check anything except the file extension.
*The '''Computer Link Software''' doesn't check anything except the file extension.
*'''Compression format''': TNS files compressed with the graphical frontend of 7-Zip are accepted. The command-line version of 7-Zip and Windows XP's native zipper produce an error message when the document is open on the TI-Nspire. Cygwin's zip command make the calculator reboot. The TI-Nspire probably uses a custom decompressor (yet the About screen mentions that zlib is use6d by the OS).
*'''Compression format''': TNS files compressed with the graphical frontend of 7-Zip are accepted. The command-line version of 7-Zip and Windows XP's native zipper produce an error message when the document is open on the TI-Nspire. Cygwin's zip command makes the calculator reboot. The TI-Nspire probably uses a custom decompressor (yet the About screen mentions that zlib is used by the OS).
*An error message is displayed when a document with containing a '''not well-formed''' XML file is open.
*An error message is displayed when a document with containing an '''ill-formed''' XML file is open.
*'''Adding''', removing or renaming files (XML or not) in the TNS displays the error.
*'''Adding''', removing or renaming files (XML or not) in the TNS displays an error.
*Specifying an '''invalid ''type'' attribute''' (for example "TI.Notepaddd" instead of "TI.Notepad")  in a ''<wdgt>'' tag of a problem displays an empty frame instead.
*Specifying an '''invalid ''type'' attribute''' (for example "TI.Notepaddd" instead of "TI.Notepad")  in a ''<wdgt>'' tag of a problem displays an empty frame instead.
*Text added '''between the tags''' of the problems ("mixt-content") is ignored.
*Text added '''between the tags''' of the problems ("mixt-content") is ignored.
*Changing the '''version attribute''' of a problem displays the error.
*Changing the '''version attribute''' of a problem displays an error.
*Any '''DTD''' assigned or added to XML files is ignored.
*Any '''DTD''' assigned or added to XML files is ignored.
*An ''XML external entity'' defined inline to try to read system files is ignored (not displayed), whether an relative or absolute path is used (but perhaps more possible file paths should be tested).
*An ''XML external entity'' defined inline to try to read system files is ignored (not displayed), whether an relative or absolute path is used (but perhaps more possible file paths should be tested).
*Setting '''an encoding''' in the XML declaration not supported by default in [http://www.jclark.com/xml/expatfaq.html expat] displays the error when the document is open.
*Setting '''an encoding''' in the XML declaration not supported by default in [http://www.jclark.com/xml/expatfaq.html expat] displays an error when the document is opened.
*'''Format markup''' of the Notepad widget (for example <tt>Applications \1keyword \</tt> which would render "Applications" as a keyword): nothing special found.
*'''Format markup''' of the Notepad widget (for example <tt>Applications \1keyword \</tt> which would render "Applications" as a keyword): nothing special found.
*If the '''attribute ''clay'' ''' (card layout identifier) of the ''<card>'' tag is set to 1 ("vertical split", the identifiers are the ones found in the menu ''Page Layout/Select layout'' - 1) instead of 0 (full screen), the calculator reboots because of a crash, since there is only one widget in the card instead of 2. If the identifier is 7 or greater, or negative, an error is displayed when the document is opened.
*If the '''attribute ''clay'' ''' (card layout identifier) of the ''<card>'' tag is set to 1 ("vertical split", the identifiers are the ones found in the menu ''Page Layout/Select layout'' - 1) instead of 0 (full screen), the calculator reboots because of a crash, since there is only one widget in the card instead of 2. If the identifier is 7 or greater, or negative, an error is displayed when the document is opened.
*If the '''height of a splitted card''' (attributes h1, h2, ...) is set to a negative number, the part of the card is not displayed but the TI-Nspire doesn't crash. If the height is set above 10000, only the 0-10000 part is showed, the rest is clipped.
*If the '''height of a splitted card''' (attributes h1, h2, ...) is set to a negative number, the part of the card is not displayed but the TI-Nspire doesn't crash. If the height is set above 10000, only the 0-10000 part is showed, the rest is clipped.
*If the '''width of a splitted card''' (attributes w1, w2, ...) is set above 10000, it has no effect.
*If the '''width of a splitted card''' (attributes w1, w2, ...) is set above 10000, it has no effect.
*Sending a TNS file of 25KB of '''uncompressed size'''/2KB of compressed size make the TI-Nspire freeze for a few minutes when open, then make it display an error message indicating that the document could not be open. During the opening the Computer Link Software can't communicate with the TI-Nspire, although it is correctly detected as a USB device by the computer when unplugged a re-plugged. Files of more than 25KB of uncompressed size seems to make the TI-Nspire hang forever.
*Sending a TNS file of 25KB of '''uncompressed size'''/2KB of compressed size makes the TI-Nspire freeze for a few minutes when open, then makes it display an error message indicating that the document could not be opened. During the opening the Computer Link Software can't communicate with the TI-Nspire, although it is correctly detected as a USB device by the computer when unplugged and re-plugged. Files of more than 25KB of uncompressed size seem to make the TI-Nspire hang forever.
To verify : Sending a document with garbage data (same letter repeated 700000 times after urn:TI.Problem) made the TI-Nspire freeze for a few minutes, but the document was then opened (navigating in the tools menu showed freezes of a few seconds with this document).
To verify : Sending a document with garbage data (same letter repeated 700000 times after urn:TI.Problem) made the TI-Nspire freeze for a few minutes, but the document was then opened (navigating in the tools menu showed freezes of a few seconds with this document).
*'''Documents bigger''' than the current storage capacity are refused by the Computer Link Software.
*'''Documents bigger''' than the current storage capacity are refused by the Computer Link Software.
*Well-formed XML-escaped content but with dummy tags in the '''<sp:auth>''' tag of the widget ''TI.Scratchpad'' (an expression content) makes the calculator reboot. The calculator reboots indefinity since the last document open is reopen at startup. One way to get out of the loop it is to use the maintenance menu.
*Well-formed XML-escaped content but with dummy tags in the '''<sp:auth>''' tag of the widget ''TI.Scratchpad'' (an expression content) makes the calculator reboot. The calculator reboots indefinitely since the last document open is reopen at startup. One way to get out of the loop it is to use the maintenance menu.
*In the '''<sym>''' section, variables with name ('''<n>''' tag) longer than 16 chars are ignored. Attribute ''t'' of the '''<e>''' tag is the type of the variable : "1" for list, "3" for integer or float, "5" for a string (value is &amp;quot;mytext&amp;quot;), "6" for function. Tag ''v'' is the value, and tag ''p'' is the parameter name for functions.
*In the '''<sym>''' section, variables with name ('''<n>''' tag) longer than 16 chars are ignored. The attribute ''t'' of the '''<e>''' tag is the type of the variable : "1" for a list, "3" for an integer or float, "5" for a string (the value is &amp;quot;mytext&amp;quot;), "6" for a function. For functions, the ''v'' tag is the value and the ''p'' tag is the parameter name.
*The 'EE' character (exponent, displayed with a small 'E' on calculator) is unicode character 0xF000, coded in UTF-8 0xEF 0x80 0x80
*The 'EE' character (exponent, displayed as a small 'E' on calculator) is the Unicode character 0xF000, coded in UTF-8 as 0xEF 0x80 0x80.

Revision as of 00:46, 16 August 2007

Document format

A .tns file is a PK-ZIP file containg several XML files. Document.xml corresponds to the options of the Document settings dialog box of the OS (some options can't be configured graphically). An XML file exists for each problem of the document (Problem1.xml, Problem2.xml, and so on).

Document format tests

Bold words are used as keywords for quick reference.

Please keep in mind before adding any elements to this list that as long as a way to bypass the downgrade protection has not been found, too many details on leads to possible exploits to execute arbitrary code should preferably not be posted here.

  • The Computer Link Software doesn't check anything except the file extension.
  • Compression format: TNS files compressed with the graphical frontend of 7-Zip are accepted. The command-line version of 7-Zip and Windows XP's native zipper produce an error message when the document is open on the TI-Nspire. Cygwin's zip command makes the calculator reboot. The TI-Nspire probably uses a custom decompressor (yet the About screen mentions that zlib is used by the OS).
  • An error message is displayed when a document with containing an ill-formed XML file is open.
  • Adding, removing or renaming files (XML or not) in the TNS displays an error.
  • Specifying an invalid type attribute (for example "TI.Notepaddd" instead of "TI.Notepad") in a <wdgt> tag of a problem displays an empty frame instead.
  • Text added between the tags of the problems ("mixt-content") is ignored.
  • Changing the version attribute of a problem displays an error.
  • Any DTD assigned or added to XML files is ignored.
  • An XML external entity defined inline to try to read system files is ignored (not displayed), whether an relative or absolute path is used (but perhaps more possible file paths should be tested).
  • Setting an encoding in the XML declaration not supported by default in expat displays an error when the document is opened.
  • Format markup of the Notepad widget (for example Applications \1keyword \ which would render "Applications" as a keyword): nothing special found.
  • If the attribute clay (card layout identifier) of the <card> tag is set to 1 ("vertical split", the identifiers are the ones found in the menu Page Layout/Select layout - 1) instead of 0 (full screen), the calculator reboots because of a crash, since there is only one widget in the card instead of 2. If the identifier is 7 or greater, or negative, an error is displayed when the document is opened.
  • If the height of a splitted card (attributes h1, h2, ...) is set to a negative number, the part of the card is not displayed but the TI-Nspire doesn't crash. If the height is set above 10000, only the 0-10000 part is showed, the rest is clipped.
  • If the width of a splitted card (attributes w1, w2, ...) is set above 10000, it has no effect.
  • Sending a TNS file of 25KB of uncompressed size/2KB of compressed size makes the TI-Nspire freeze for a few minutes when open, then makes it display an error message indicating that the document could not be opened. During the opening the Computer Link Software can't communicate with the TI-Nspire, although it is correctly detected as a USB device by the computer when unplugged and re-plugged. Files of more than 25KB of uncompressed size seem to make the TI-Nspire hang forever.

To verify : Sending a document with garbage data (same letter repeated 700000 times after urn:TI.Problem) made the TI-Nspire freeze for a few minutes, but the document was then opened (navigating in the tools menu showed freezes of a few seconds with this document).

  • Documents bigger than the current storage capacity are refused by the Computer Link Software.
  • Well-formed XML-escaped content but with dummy tags in the <sp:auth> tag of the widget TI.Scratchpad (an expression content) makes the calculator reboot. The calculator reboots indefinitely since the last document open is reopen at startup. One way to get out of the loop it is to use the maintenance menu.
  • In the <sym> section, variables with name (<n> tag) longer than 16 chars are ignored. The attribute t of the <e> tag is the type of the variable : "1" for a list, "3" for an integer or float, "5" for a string (the value is &quot;mytext&quot;), "6" for a function. For functions, the v tag is the value and the p tag is the parameter name.
  • The 'EE' character (exponent, displayed as a small 'E' on calculator) is the Unicode character 0xF000, coded in UTF-8 as 0xEF 0x80 0x80.