vi / perl question

Victor Odhner plug-devel@lists.PLUG.phoenix.az.us
Wed Nov 28 13:25:02 2001


The point is to filter *positively* -- The "tr" command lets you
delete all that is *not* one of the specified characters.
So you simply say what are the characters you want to accept,
and everything else goes away.

There is no such thing as an "enter" character.  You may be
talking about "\n" or "\r".

Have you tried the "chomp" command?

Vic

Carl Parrish wrote:
> 
> Hey Victor.
> Thanks, yes, I am filtering several things including < > and a few filters
> I've used in other applications. Yes they are entering the "enter" from
> a web form. But I don't know what to use to do the filtering in. In
> other words would the tr command be something like tr/\n/:::/; ? Or is
> there another escape or regexp I should use?
> 
> Carl P
> 
> Victor Odhner wrote:
> 
> > Hi, Carl.
> >
> > Use the 'tr' command to filter all your data, and
> > don't just look for CRs and LFs but all sorts of
> > bad stuff.
> >
> > I don't know what an "Enter" is, in this context.
> > Are you running on Windows?  In an X window, you might
> > have key mapping issues.  Or is the information being
> > entered on a CGI form?
> >
> > If the user has typed in something that was accepted as
> > a "line", I presume you are doing general filtering
> > anyway to prevent the user from entering dangerous garbage.
> > If you are accepting data in a CGI variable, from a form,
> > then it's mandatory to do that or the CGI will be unsafe.
> > Any CGI field you're going to re-display on the form
> > must also be filtered to remove < > so that the re-displayed
> > page can't cause bad things to happen in the user's browser.
> > (There are good articles out there about CGI exploits
> > and security -- look up those keywords.)
> >
> > So:  for every form field, or every line you accept from
> > anywhere, I suggest using 'tr' to replace all bad characters
> > with nothing, i.e., delete them, and then append a fresh
> > newline when writing the line out to the DB file.
> >
> > Vic
> >
> > http://members.home.com/vodhner/resume.html
> >  -- or --
> > http://www.newearth.org/~victor/resume.html
> >
> > Carl Parrish wrote:
> >
> >>Hey everyone,
> >>I'm working with a CGI application. It's writing to a flat file db. The
> >>flat file reads each line as a new record. Well in one of the fields
> >>the user can type in an enter. Which of course screws with reading the
> >>flat file. So I thought I'd just substitute the enters with another
> >>delimiter. Piece of cake. Only I don't seem to be able to find the
> >>enters. I thought doing a search for either "\n" or "\r" would do it but
> >>so far no luck. (In vi here is the command :%s/\n/:::/g ). Is there
> >>another escape char I should be looking for? Or should I try the hex code?
> >>
> >>Thanks,
> >>Carl
> >>
> > _______________________________________________
> > PLUG-devel mailing list  -  PLUG-devel@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-devel
> >
> >
> 

-- 

http://members.home.com/vodhner/resume.html
 -- or --
http://www.newearth.org/~victor/resume.html
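
The positive filtering described in this thread, as an added example that is not part of the original messages: tr with the c and d modifiers deletes every character not in the accepted list, after line breaks from the form are folded to a space, and a fresh newline is appended when the record is written. The "|" field delimiter, the accepted character list, the field names and the sample input are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed record layout: fields joined by "|", one record per line.
my $DELIM = '|';

# Allowlist filter for one form field.
sub clean_field {
    my ($value) = @_;
    $value = '' unless defined $value;

    # A textarea can send "\r\n", "\r" or "\n"; fold each break into one
    # space so the words on either side do not run together.
    $value =~ s/\r\n?|\n/ /g;

    # c = complement the list, d = delete: everything NOT listed goes away.
    # The list leaves out < > & " ' | and every control character, so the
    # value can neither break the record format nor carry markup.
    $value =~ tr{a-zA-Z0-9 .,:;!?@_/()-}{}cd;

    return $value;
}

# Build one flat-file record from already-decoded form values.
sub make_record {
    my @fields = map { clean_field($_) } @_;
    return join($DELIM, @fields) . "\n";    # the only newline in the record
}

# Constructed sample input: CRLF, markup, the delimiter and a NUL byte.
my %form = (
    name    => "Carl P",
    comment => "line one\r\nline two <b>hi</b> a|b\x00",
);

my $record = make_record(@form{qw(name comment)});

# Sanity checks: exactly one newline, exactly one delimiter for two fields.
die "embedded newline\n"   unless ($record =~ tr/\n//) == 1;
die "embedded delimiter\n" unless ($record =~ tr/|//) == 1;

print $record;
```

Because the list names what is accepted rather than what is rejected, characters nobody thought to ban (other control bytes, high-bit bytes) are dropped as well.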