[pLog-svn] r4439 - plog/trunk/class/net

Jon Daley plogworld at jon.limedaley.com
Wed Jan 3 03:56:36 GMT 2007


I think this is probably the first start?  I am not sure how this regexp 
is used later - i.e. will this force it to not allow a * in the name?

    '{resourcename}' => '([^/*\n\r]+)?',


On Tue, 2 Jan 2007, Oscar Renalias wrote:
> Well we definitely need to forbid characters like "/*", no matter the 
> character set. Can we start with that and see how to improve the regexp?
>
> On 2 Jan 2007, at 15:56, Jon Daley wrote:
>
>> 	I am not sure what else are valid characters for a resource.  And it 
>> seems hard to strip out certain characters typically used in SQL exploits 
>> like "/*" in all character sets?  Maybe MySQL doesn't support the other 
>> characters anyway?
>> 
>> On Thu, 28 Dec 2006, Oscar Renalias wrote:
>> 
>>> It worries me too, but I'm really bad at coding regexps. What would the 
>>> ideal one be?
>>> 
>>> On 28 Dec 2006, at 15:25, Jon Daley wrote:
>>>
>>>> 	I don't know how the macros work - I guess it either defaults to 
>>>> English, which seems like a bad idea, or it has a hard-coded server-wide 
>>>> locale setting, so not helpful either.
>>>> 	But, .* worries me some.
>>>> On Thu, 28 Dec 2006, Oscar Renalias wrote:
>>>>> I don't know about :alpha: or :printable:, because we should allow all 
>>>>> sorts of file names in all sorts of encodings (think about Chinese 
>>>>> filenames). I suppose [^\n\r] is a good place to start.
>>>>> On 28 Dec 2006, at 15:04, Jon Daley wrote:
>>>>>
>>>>>> 	Is there some sort of :alpha: or :printable: that would be better? Or 
>>>>>> maybe at least [^\n\r]
>>>>>> On Thu, 28 Dec 2006, oscar at devel.lifetype.net wrote:
>>>>>>> Author: oscar
>>>>>>> Date: 2006-12-28 12:36:16 +0000 (Thu, 28 Dec 2006)
>>>>>>> New Revision: 4439
>>>>>>> Modified:
>>>>>>> plog/trunk/class/net/linkparser.class.php
>>>>>>> Log:
>>>>>>> I had to soften the regexp used to parse resource names out of links 
>>>>>>> to resources or else files with things like accented characters would 
>>>>>>> not be accepted as valid urls
>>>>>>> Modified: plog/trunk/class/net/linkparser.class.php
>>>>>>> ===================================================================
>>>>>>> --- plog/trunk/class/net/linkparser.class.php	2006-12-28 10:13:02 
>>>>>>> UTC (rev 4438)
>>>>>>> +++ plog/trunk/class/net/linkparser.class.php	2006-12-28 12:36:16 
>>>>>>> UTC (rev 4439)
>>>>>>> @@ -36,7 +36,7 @@
>>>>>>>                '{userid}' => '([0-9]+)?',
>>>>>>>                '{templatename}' => '([_0-9a-zA-Z.-]+)?',
>>>>>>>                '{resourceid}' => '([0-9]+)?',
>>>>>>> -                  '{resourcename}' => '([_0-9a-zA-Z. \(\)\[\]-]+)?',
>>>>>>> +                  '{resourcename}' => '(.*)?',
>>>>>>>                '{albumid}' => '([0-9]+)?',
>>>>>>>                '{albumname}' => '([_0-9a-zA-Z -]*)?'
>>>>>>>            );
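
Review bot: `(.*)?` on the new `{resourcename}` line is far wider than the log message requires: it accepts every character, including `/` and `*`, while each neighbouring placeholder in this array keeps an explicit character class. The stated goal is only to admit accented characters, so keep a restriction here, for example a negated class that still excludes `/`, `*`, `\n` and `\r`, or the old class extended to cover non-ASCII bytes. A short comment on this line saying where the captured name is used next would also help, since nothing in the hunk shows whether it is escaped before it reaches a query or a file path.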
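
The three `{resourcename}` patterns discussed in this thread, compared side by side on constructed request paths. This is an added example, not LifeType code and not part of any message above; the link format, the whole-path anchoring and the function name `resourceNameFor` are assumptions made for illustration.

```php
<?php
// Added example, not LifeType code: compare the three {resourcename}
// patterns from this thread on constructed request paths.
$candidates = [
    'r4438 whitelist' => '([_0-9a-zA-Z. \(\)\[\]-]+)?',
    'r4439 wildcard'  => '(.*)?',
    'proposed class'  => '([^/*\n\r]+)?',
];

// Hypothetical link format; only the placeholder names come from the diff.
$format = '/resource/{resourceid}/{resourcename}';

// Constructed samples (label => request path).
$samples = [
    'plain ascii'    => '/resource/12/holiday (1).jpg',
    'accented utf-8' => "/resource/12/caf\u{e9} men\u{fa}.pdf",
    'slash-star'     => '/resource/12/x/*y',
    'lone asterisk'  => '/resource/12/a*b.txt',
    'extra slash'    => '/resource/12/dir/file.txt',
];

// Returns the captured resource name, or null when the path is rejected.
function resourceNameFor(string $format, string $namePattern, string $path): ?string
{
    $regex = strtr($format, [
        '{resourceid}'   => '([0-9]+)?',
        '{resourcename}' => $namePattern,
    ]);
    // Assumption: the parser matches the whole path, hence \A ... \z.
    if (preg_match('#\A' . $regex . '\z#', $path, $m) !== 1) {
        return null;
    }
    return $m[2] ?? '';
}

foreach ($samples as $label => $path) {
    printf("%-15s", $label);
    foreach ($candidates as $name => $pattern) {
        $got = resourceNameFor($format, $pattern, $path);
        printf("  %s: %s", $name, $got === null ? 'reject' : 'accept');
    }
    echo PHP_EOL;
}
```

Inside a bracketed class `/` and `*` are independent literals, so `[^/*\n\r]` excludes any name containing either character, not only the two-character sequence `/*`.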

