[pLog-svn] r4439 - plog/trunk/class/net

Jon Daley plogworld at jon.limedaley.com
Tue Jan 2 13:56:49 GMT 2007


I am not sure what else are valid characters for a resource.  And 
it seems hard to strip out certain characters typically used in SQL 
exploits like "/*" in all character sets?  Maybe MySQL doesn't support the 
other characters anyway?

  On Thu, 28 Dec 2006, Oscar Renalias wrote:

> It worries me too, but I'm really bad at coding regexps. What would the ideal 
> one be?
>
> On 28 Dec 2006, at 15:25, Jon Daley wrote:
>
>> 	I don't know how the macros work - I guess it either defaults to 
>> English, which seems like a bad idea, or it has a hard-coded server-wide 
>> locale setting, so not helpful either.
>> 	But, .* worries me some.
>> 
>> On Thu, 28 Dec 2006, Oscar Renalias wrote:
>>> I don't know about :alpha: or :printable:, because we should allow all 
>>> sorts of file names in all sorts of encodings (think about Chinese filenames). 
>>> I suppose [^\n\r] is a good place to start.
>>> 
>>> On 28 Dec 2006, at 15:04, Jon Daley wrote:
>>>
>>>> 	Is there some sort of :alpha: or :printable: that would be better? Or 
>>>> maybe at least [^\n\r]
>>>> On Thu, 28 Dec 2006, oscar at devel.lifetype.net wrote:
>>>>> Author: oscar
>>>>> Date: 2006-12-28 12:36:16 +0000 (Thu, 28 Dec 2006)
>>>>> New Revision: 4439
>>>>> Modified:
>>>>> plog/trunk/class/net/linkparser.class.php
>>>>> Log:
>>>>> I had to soften the regexp used to parse resource names out of links to 
>>>>> resources or else files with things like accented characters would not be 
>>>>> accepted as valid URLs
>>>>> Modified: plog/trunk/class/net/linkparser.class.php
>>>>> ===================================================================
>>>>> --- plog/trunk/class/net/linkparser.class.php	2006-12-28 10:13:02 
>>>>> UTC (rev 4438)
>>>>> +++ plog/trunk/class/net/linkparser.class.php	2006-12-28 12:36:16 
>>>>> UTC (rev 4439)
>>>>> @@ -36,7 +36,7 @@
>>>>>                 '{userid}' => '([0-9]+)?',
>>>>>                 '{templatename}' => '([_0-9a-zA-Z.-]+)?',
>>>>>                 '{resourceid}' => '([0-9]+)?',
>>>>> -                  '{resourcename}' => '([_0-9a-zA-Z. \(\)\[\]-]+)?',
>>>>> +                  '{resourcename}' => '(.*)?',
>>>>>                 '{albumid}' => '([0-9]+)?',
>>>>>                 '{albumname}' => '([_0-9a-zA-Z -]*)?'
>>>>>             );
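Review bot: `'{resourcename}' => '(.*)?'` drops the allow-list entirely, so among the entries visible here the resource name is the only placeholder that matches any characters, including quotes, `/` and `/*`; the neighbouring `{albumname}` and `{templatename}` entries still restrict their input. To admit accented and non-Latin file names, widen the class instead of removing it (for example a class that excludes URL delimiters and control characters), and confirm the matched value is escaped before it reaches a query, since nothing in this hunk constrains it any more. The trailing `?` after `(.*)` is also redundant, because `.*` already matches the empty string.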
>>>>> _______________________________________________
>>>>> pLog-svn mailing list
>>>>> pLog-svn at devel.lifetype.net
>>>>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>>> -- 
>>>> Jon Daley
>>>> http://jon.limedaley.com/
>>>> There cannot be a crisis next week.  My schedule is already full.
>>>> -- Henry Kissinger
>> 
>> -- 
>> Jon Daley
>> http://jon.limedaley.com/
>> 
>> I either want less corruption, or more chance to participate in it.
>> -- Ashleigh Brilliant

-- 
Jon Daley
http://jon.limedaley.com/

"I see," said the blind man as he picked up a hammer and saw.
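
As an added example (not part of this thread and not LifeType code), the PHP below runs the patterns discussed above against constructed file names to show what each one lets through. The `^...\z` anchoring, the `unicode allow-list` pattern, the `accepts()` helper and the sample names are assumptions made for illustration.

```php
<?php
// Added example, not LifeType code. Candidate {resourcename} patterns from the
// thread, anchored with ^...\z here so each is tested against the whole name.
$patterns = [
    'r4438 ASCII class'  => '/^([_0-9a-zA-Z. \(\)\[\]-]+)?\z/',
    'r4439 (.*)?'        => '/^(.*)?\z/',
    'thread [^\n\r]'     => '/^([^\n\r]+)?\z/',
    // Assumption: a Unicode-property allow-list (letters, combining marks, digits
    // plus the punctuation of the r4438 class). Needs UTF-8 input and the /u modifier.
    'unicode allow-list' => '/^([\p{L}\p{M}\p{N}_. \(\)\[\]-]+)?\z/u',
];

// Constructed sample names (UTF-8), not taken from the project.
$samples = [
    'holiday photo (1).jpg',
    'café-menú.pdf',
    '照片.png',
    "report.pdf' /* x */",   // quote and SQL comment markers
    '../config.php',         // path separator
    "a.jpg\nb.jpg",          // embedded newline
];

function accepts(string $pattern, string $name): bool
{
    // preg_match returns 1 on a match, 0 on no match and false on error
    // (for example invalid UTF-8 when /u is set); only 1 counts as accepted.
    return preg_match($pattern, $name) === 1;
}

foreach ($samples as $name) {
    printf("%s\n", json_encode($name, JSON_UNESCAPED_UNICODE));
    foreach ($patterns as $label => $pattern) {
        printf("  %-20s %s\n", $label, accepts($pattern, $name) ? 'accept' : 'reject');
    }
}
```

Whichever pattern is chosen, the matched name still has to be escaped or bound as a parameter where it reaches the SQL query; the regexp only narrows what arrives there.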