Stephen Turner wrote:

> On Thu, 2 Dec 1999, Dave Cobb wrote:
> >
> > I need to parse input from a form so only alphanumeric and numeric
> > characters are let through.
>
> This is not quite enough for analog. Some non-alphanumeric characters are
> also needed, for example in filenames, or FROM and TO strings.

I thought FROM & TO commands were numeric, e.g. 990303?

>
>
> > Rundown: form details (e.g. commands) are passed to ASP script, script gets form
> > values, splits them into appropriate command names and commands, these are
> > concatenated into a command line string which formats the output using the +C
> > command.
>
> You're editing out the commands in anlgform.pl's @forbidden array, are you?
>

No. See below

>
> Do you obey the same syntax as anlgform? For example, FLOORA and FLOORB, or
> COMMAND1 and COMMAND2. Or will people need new forms as well?
>

The way it works is that ANY command can be passed from the form; this makes it
futureproof - BUT here is the security risk.  If any command is passed then someone can
hack the commands passed from the form and execute anything on a command line basis.
Therefore parsing form contents is required, e.g. no carriage returns or \n\r, etc.

>
> --
> Stephen Turner    [EMAIL PROTECTED]    http://www.statslab.cam.ac.uk/~sret1/
>   Statistical Laboratory, 16 Mill Lane, Cambridge CB2 1SB, England
>   "As always, it's considered good practice to temporarily disable any
>    virus detection software prior to installing new software." (Netscape)
>
> ------------------------------------------------------------------------
> This is the analog-help mailing list. To unsubscribe from this
> mailing list, send mail to [EMAIL PROTECTED]
> with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
> List archived at http://www.mail-archive.com/[email protected]/
> ------------------------------------------------------------------------

--
Dave Cobb - Web Developer
Omniplex New Media
www.omniplex.co.uk
TEL: 01780 489190
FAX: 01780 489199
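
An added example, not part of the original messages and not code from analog or anlgform.pl: one way to screen form fields before they reach analog, using an allowlist of command names and a restricted value pattern, and passing each command as its own argument instead of a concatenated command-line string. The allowed set, the value pattern and the analog path are assumptions made for the illustration.

```python
import re

# Assumption: the form may set only these analog commands (names from the thread).
ALLOWED = {"FROM", "TO", "FLOORA", "FLOORB"}
NAME_RE = re.compile(r"[A-Z][A-Z0-9]{0,31}")
# Assumption: values may need a few non-alphanumerics, but never whitespace,
# quotes, CR/LF or shell metacharacters.
VALUE_RE = re.compile(r"[A-Za-z0-9._%:+-]{1,64}")
ANALOG = "/usr/local/bin/analog"  # hypothetical install path


class RejectedInput(ValueError):
    """Raised when a form field fails validation."""


def build_argv(fields, analog=ANALOG):
    """Turn (name, value) form pairs into an argument vector for analog.

    Each pair becomes one '+CNAME value' argument. The result is meant for
    subprocess.run(argv) with no shell, so nothing is re-parsed as a command line.
    """
    argv = [analog]
    for name, value in fields:
        name = name.upper()
        # fullmatch, not match with '$': '$' would accept a trailing "\n".
        if not NAME_RE.fullmatch(name) or name not in ALLOWED:
            raise RejectedInput(f"command not allowed: {name!r}")
        if not VALUE_RE.fullmatch(value):
            raise RejectedInput(f"bad value for {name}: {value!r}")
        argv.append(f"+C{name} {value}")
    return argv


def screen(submissions):
    """Return (accepted, reason) per submission; reason is argv or an error string."""
    results = []
    for fields in submissions:
        try:
            results.append((True, build_argv(fields)))
        except RejectedInput as exc:
            results.append((False, str(exc)))
    return results


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [[("from", "990303"), ("TO", "991202")],
               [("FROM", "990303\r\nOUTFILE /tmp/x")],
               [("OUTFILE", "report.html")]]
    for ok, detail in screen(samples):
        print("ACCEPT" if ok else "REJECT", detail)
```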

