vi / perl question

Carl Parrish plug-devel@lists.PLUG.phoenix.az.us
Wed Nov 28 12:11:01 2001


Hey Victor.
Thanks, yes I am filtering several things including < > and a few filters 
I've used in other applications. Yes, they are entering the "enter" from 
a web form. But I don't know what to use to do the filtering in. In 
other words, would the tr command be something like tr/\n/:::/; ? Or is 
there another escape or regexp I should use?

Carl P

Victor Odhner wrote:

> Hi, Carl.
> 
> Use the 'tr' command to filter all your data, and
> don't just look for CRs and LFs but all sorts of
> bad stuff.
> 
> I don't know what an "Enter" is, in this context.
> Are you running on Windows?  In an X window, you might
> have key mapping issues.  Or is the information being
> entered on a CGI form?
> 
> If the user has typed in something that was accepted as
> a "line", I presume you are doing general filtering
> anyway to prevent the user from entering dangerous garbage.
> If you are accepting data in a CGI variable, from a form,
> then it's mandatory to do that or the CGI will be unsafe.
> Any CGI field you're going to re-display on the form
> must also be filtered to remove < > so that the re-displayed
> page can't cause bad things to happen in the user's browser.
> (There are good articles out there about CGI exploits
> and security -- look up those keywords.)
> 
> So:  for every form field, or every line you accept from
> anywhere, I suggest using 'tr' to replace all bad characters
> with nothing, i.e., delete them, and then append a fresh
> newline when writing the line out to the DB file.
> 
> Vic
> 
> http://members.home.com/vodhner/resume.html
>  -- or --
> http://www.newearth.org/~victor/resume.html
> 
> Carl Parrish wrote:
> 
>>Hey everyone,
>>I'm working with a CGI application. It's writing to a flat file db. The
>>flat file reads each line as a new record. Well, in one of the fields
>>the user can type in an enter. Which of course screws with reading the
>>flat file. So I thought I'd just substitute the enters with another
>>delimiter. Piece of cake. Only I don't seem to be able to find the
>>enters. I thought doing a search for either "\n" or "\r" would do it but
>>so far no luck. (In vi here is the command :%s/\n/:::/g ). Is there
>>another escape char I should be looking for? Or should I try the hex code?
>>
>>Thanks,
>>Carl
>>
> _______________________________________________
> PLUG-devel mailing list  -  PLUG-devel@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-devel
> 
>
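As an added example (not code from anyone in this thread), here is a Perl script doing what Vic describes: replace the line breaks a form posts (CRLF, i.e. hex 0D 0A, not just \n), delete every other character you don't explicitly allow, append the newline yourself when writing the record, and escape < > when echoing a field back into the page. The function names, the sample posted data and the /tmp path are assumptions made for this illustration. Note that tr/// maps characters one for one, so tr/\n/:::/ does not replace a newline with three colons; s/// is the operator for a multi-character replacement, and tr with the d flag is the one for deleting.

```perl
#!/usr/bin/perl
# Added example (not from the thread): scrub CGI form fields before
# writing them to a line-per-record flat file, and escape < > when
# echoing a field back into HTML. Function names, the sample input and
# the /tmp path are assumptions for this demo.
use strict;
use warnings;

# Browsers send textarea line breaks as CRLF ("\r\n"), so search for
# both. tr/// cannot substitute a multi-character string, so use s///
# to turn each line break into the ::: delimiter.
sub strip_breaks {
    my ($v) = @_;
    $v =~ s/\r?\n/:::/g;
    return $v;
}

# Vic's suggestion: delete everything you don't explicitly allow.
# Keep printable ASCII only; CR, LF, TAB, NUL, ESC etc. are removed.
# c = complement the search list, d = delete what matches.
sub scrub {
    my ($v) = @_;
    $v =~ tr/\x20-\x7e//cd;
    return $v;
}

# For re-display, escape rather than delete, so the browser shows the
# literal characters instead of interpreting them as markup.
sub html_escape {
    my ($v) = @_;
    $v =~ s/&/&amp;/g;
    $v =~ s/</&lt;/g;
    $v =~ s/>/&gt;/g;
    $v =~ s/"/&quot;/g;
    return $v;
}

# One record per line, tab between fields, with a fresh newline appended
# by us. scrub() has already removed tabs and line breaks from the
# fields, so a user cannot split a record or a field.
sub write_records {
    my ($path, @records) = @_;
    open my $fh, '>', $path or die "open $path: $!";
    for my $rec (@records) {
        print $fh join("\t", map { scrub(strip_breaks($_)) } @$rec), "\n";
    }
    close $fh or die "close $path: $!";
}

sub read_records {
    my ($path) = @_;
    open my $fh, '<', $path or die "open $path: $!";
    my @records;
    while (my $line = <$fh>) {
        chomp $line;
        push @records, [ split /\t/, $line, -1 ];
    }
    close $fh;
    return @records;
}

# Constructed sample: what a form might post for two records, including
# a multi-line comment field and an attempted <script> tag.
my @posted = (
    [ 'carl', "line one\r\nline two\r\n"        ],
    [ 'vic',  "<script>alert(1)</script>\tx"    ],
);

my $db = "/tmp/example-flat.db";   # assumed path for the demo
write_records($db, @posted);
my @back = read_records($db);
printf "wrote %d records, read back %d\n", scalar @posted, scalar @back;
for my $rec (@back) {
    # Escaped only for display; the file keeps the scrubbed raw text.
    print "  ", join(" | ", map { html_escape($_) } @$rec), "\n";
}
```

Running it writes two lines to the file and reads two records back: the first comment field is stored as "line one:::line two:::", and the second is stored with its tab removed and displayed as "&lt;script&gt;alert(1)&lt;/script&gt;x". The split between "scrub on the way in, escape on the way out" is the point: deleting characters protects the flat-file format, while escaping protects the browser of whoever views the re-displayed page.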