Martin Parry wrote:
> Hey dude - modified the banner page for you..
Heh, thanks Martin! There was a bug in my regular expression code that
checked for such a security breach.
Here is my new regex...
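
<!--- Return the default value when checkValue contains a "." or ".." path segment. --->
<!--- The last check is anchored so it matches only a value made up entirely of dots. --->
<cfif
    ReFind("^\.+[\\\/]", arguments.checkValue) gt 0 OR
    ReFind("[\\\/]\.+$", arguments.checkValue) gt 0 OR
    ReFind("[\\\/]\.+[\\\/]", arguments.checkValue) gt 0 OR
    ReFind("^\.+$", arguments.checkValue) gt 0>
    <cfreturn arguments.defaultValue>
<cfelse>
    <cfreturn arguments.checkValue>
</cfif>
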
It's intended to block the following:
../(something)
./(something)
(something)/..
(something)/.
(something)/../(something)
(something)/./(something)
.
..
- Rick
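
Added example, not part of the original post and not the poster's code: a Python port of the four checks, run over the forms listed above and a few benign names, comparing a final check of `\.+` with an anchored `^\.+$`. It assumes Python's re module treats these patterns the same way ReFind does; the function name, the "DEFAULT" value and the sample inputs are constructed for illustration.

```python
import re

# The three path-segment checks from the post, unchanged apart from quoting.
SEGMENT_CHECKS = [
    r"^\.+[\\/]",      # ../(something)   ./(something)
    r"[\\/]\.+$",      # (something)/..   (something)/.
    r"[\\/]\.+[\\/]",  # (something)/../(something)   (something)/./(something)
]
# Two candidate final checks for the bare "." and ".." cases.
UNANCHORED = SEGMENT_CHECKS + [r"\.+"]   # matches a dot anywhere in the value
ANCHORED = SEGMENT_CHECKS + [r"^\.+$"]   # matches only values made up of dots


def filter_value(check_value, default_value, patterns):
    """Return default_value if any pattern matches, otherwise check_value."""
    if any(re.search(p, check_value) for p in patterns):
        return default_value
    return check_value


# Constructed inputs: the eight listed forms, two backslash variants, benign names.
LISTED = ["../x", "./x", "x/..", "x/.", "x/../y", "x/./y", ".", ".."]
BACKSLASH = ["..\\x", "x\\..\\y"]
BENIGN = ["banner.jpg", "images/banner.jpg", "banner"]


def report(patterns):
    """Map every sample input to the value the filter would return for it."""
    return {v: filter_value(v, "DEFAULT", patterns)
            for v in LISTED + BACKSLASH + BENIGN}


if __name__ == "__main__":
    for name, patterns in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name)
        for value, result in report(patterns).items():
            print(f"  {value!r:22} -> {result!r}")
```

Both variants replace every listed form with the default; only the anchored one lets a name such as banner.jpg through unchanged.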