[pLog-svn] r4439 - plog/trunk/class/net

Oscar Renalias oscar at renalias.net
Wed Jan 3 07:23:18 GMT 2007


Yes, I suppose that this is a good start.

On 1/3/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
> I think this is probably the first start?  I am not sure how this regexp
> is used later - i.e. will this force it to not allow a * in the name?
>
>     '{resourcename}' => '([^/*\n\r]+)?',
>
>
> On Tue, 2 Jan 2007, Oscar Renalias wrote:
> > Well we definitely need to forbid characters like "/*", no matter the
> > character set. Can we start with that and see how to improve the regexp?
> >
> > On 2 Jan 2007, at 15:56, Jon Daley wrote:
> >
> >>      I am not sure what else are valid characters for a resource.  And it
> >> seems hard to strip out certain characters typically used in SQL exploits
> >> like "/*" in all character sets?  Maybe MySQL doesn't support the other
> >> characters anyway?
> >>
> >> On Thu, 28 Dec 2006, Oscar Renalias wrote:
> >>
> >>> It worries me too, but I'm really bad at coding regexps. What would the
> >>> ideal one be?
> >>>
> >>> On 28 Dec 2006, at 15:25, Jon Daley wrote:
> >>>
> >>>>    I don't know how the macros work - I guess it either defaults to
> >>>> English, which seems like a bad idea, or it has a hard-coded server-wide
> >>>> locale setting, so not helpful either.
> >>>>    But, .* worries me some.
> >>>> On Thu, 28 Dec 2006, Oscar Renalias wrote:
> >>>>> I don't know about :alpha: or :printable:, because we should allow all
> >>>>> sorts of file names in all sorts of encodings (think about Chinese
> >>>>> filenames). I suppose [^\n\r] is a good place to start.
> >>>>> On 28 Dec 2006, at 15:04, Jon Daley wrote:
> >>>>>
> >>>>>>  Is there some sort of :alpha: or :printable: that would be better? Or
> >>>>>> maybe at least [^\n\r]
> >>>>>> On Thu, 28 Dec 2006, oscar at devel.lifetype.net wrote:
> >>>>>>> Author: oscar
> >>>>>>> Date: 2006-12-28 12:36:16 +0000 (Thu, 28 Dec 2006)
> >>>>>>> New Revision: 4439
> >>>>>>> Modified:
> >>>>>>> plog/trunk/class/net/linkparser.class.php
> >>>>>>> Log:
> >>>>>>> I had to soften the regexp used to parse resource names out of links
> >>>>>>> to resources or else files with things like accented characters would
> >>>>>>> not be accepted as valid urls
> >>>>>>> Modified: plog/trunk/class/net/linkparser.class.php
> >>>>>>> ===================================================================
> >>>>>>> --- plog/trunk/class/net/linkparser.class.php   2006-12-28 10:13:02
> >>>>>>> UTC (rev 4438)
> >>>>>>> +++ plog/trunk/class/net/linkparser.class.php   2006-12-28 12:36:16
> >>>>>>> UTC (rev 4439)
> >>>>>>> @@ -36,7 +36,7 @@
> >>>>>>>                '{userid}' => '([0-9]+)?',
> >>>>>>>                '{templatename}' => '([_0-9a-zA-Z.-]+)?',
> >>>>>>>                '{resourceid}' => '([0-9]+)?',
> >>>>>>> -                  '{resourcename}' => '([_0-9a-zA-Z. \(\)\[\]-]+)?',
> >>>>>>> +                  '{resourcename}' => '(.*)?',
> >>>>>>>                '{albumid}' => '([0-9]+)?',
> >>>>>>>                '{albumname}' => '([_0-9a-zA-Z -]*)?'
> >>>>>>>            );
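Review bot: in the changed line `'{resourcename}' => '(.*)?'`, the pattern no longer restricts the resource name: `.*` also matches `/`, `*`, quotes and every other character the removed class `[_0-9a-zA-Z. \(\)\[\]-]` kept out, and it can run across `/` separators where the sibling patterns stop. To admit accented and non-Latin file names without opening the field completely, exclude the unwanted characters instead, for example `([^/*\n\r]+)?`, and add a comment on that line saying which characters are deliberately rejected and why.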
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
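
Added example, not part of the original thread or of LifeType's code: the three {resourcename} patterns quoted in the messages above, applied to constructed file names, to show which names each one lets through. Note that [^/*\n\r] excludes "/" and "*" individually, not only the two-character sequence. The accepts() helper and the whole-string anchoring are assumptions, since the thread does not show how linkparser.class.php applies the pattern.

```php
<?php
// Added example, not LifeType code. The pattern fragments are copied from the
// thread; accepts(), the anchoring and the sample names are assumptions.
$patterns = [
    'r4438'    => '([_0-9a-zA-Z. \(\)\[\]-]+)?', // ASCII whitelist (removed)
    'r4439'    => '(.*)?',                       // committed in r4439
    'proposed' => '([^/*\n\r]+)?',               // suggested in the reply
];

// Constructed resource names.
$names = [
    'photo (1).jpg',                   // plain ASCII
    "caf\xC3\xA9.png",                 // accented character, UTF-8 bytes
    "\xE5\x9B\xBE\xE7\x89\x87.gif",    // Chinese file name, UTF-8 bytes
    'draft*final.txt',                 // a lone "*"
    'a/*b.jpg',                        // contains the "/*" sequence
    "a.jpg\rb",                        // embedded carriage return
];

function accepts(string $fragment, string $name): bool
{
    // "~" as delimiter because the fragments contain "/". \A and \z force the
    // whole name to match. No /u modifier: names are matched byte by byte,
    // whatever their encoding.
    return preg_match('~\A(?:' . $fragment . ')\z~', $name) === 1;
}

foreach ($names as $name) {
    $shown = json_encode($name, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    printf('%-20s', $shown);
    foreach ($patterns as $label => $fragment) {
        printf('  %s=%s', $label, accepts($fragment, $name) ? 'accept' : 'reject');
    }
    echo "\n";
}
```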

