Viktor Dukhovni:
> 
> > On Dec 2, 2016, at 1:30 AM, @lbutlr <krem...@kreme.com> wrote:
> > 
> > I have a bash script that does it, and when a user wants this, I simply set 
> > up a crontab for them. Usually after a week or so they want it turned off. 
> > The script sends them a lightly styled HTML table in the email.
> > 
> > The heart of the script is:
> > 
> > if [ "$REJECT" = 1 ]; then
> >  echo '<tr><th>&nbsp;</th><th>IP address</th><th>Claimed address</th></tr>'
> >    bzgrep "$MATCHPAT" $LOGF | grep -i reject | egrep 'from=<[^>]+>' | grep -v "Protocol error" | \
> >     grep -v "$EXCLUDE" | sort -u | sed 's/from=<//' | tr -d '>,[]:' | grep -v rejected | \
> >     awk '{print "<tr><td class=\"rej\">REJECTED</td><td class=\"right\">"$16"</td><td>"$20"</td></tr>"}'
> >  fi
> 
> Careful with that.  Too easy to create a script injection vector.
> Bash is not a good language in which to construct safely quoted
> remote content for injection into a suitable HTML skeleton.

In the AWK script, ``gsub(/[<>"]/, "_"); print...'' might do the job.

        Wietse
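
An added example, not code from anyone in this thread: the escaping step done inside awk before the row is printed. It goes one step beyond the gsub() replacement suggested above by entity-encoding the characters instead of replacing them with "_". The function names and the log lines are constructed for illustration, and the assumed log layout is Postfix's "RCPT from host[ip]: ...; from=<sender> to=<rcpt>".

```shell
#!/bin/sh
# Constructed log lines: the sender on the first line carries HTML
# metacharacters; the second line is not a reject and must be skipped.
sample_log() {
cat <<'EOF'
Dec  2 01:30:00 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<"><b>x&y</b>'@example.test> to=<user@example.org> proto=ESMTP helo=<example.test>
Dec  2 01:30:05 mail postfix/smtpd[1234]: disconnect from unknown[192.0.2.10]
EOF
}

# Reads log lines on stdin, writes one <tr> per reject line. Every value
# taken from the log passes through esc() before it reaches the HTML.
html_reject_rows() {
    awk -v q="'" '
    # "&" is encoded first so the entities added afterwards are not re-encoded.
    function esc(s) {
        gsub(/&/, "\\&amp;", s)
        gsub(/</, "\\&lt;", s)
        gsub(/>/, "\\&gt;", s)
        gsub(/"/, "\\&quot;", s)
        gsub(q, "\\&#39;", s)
        return s
    }
    / reject: / {
        ip = ""; from = ""
        # Client IP: the bracketed part after "RCPT from", not the syslog PID.
        i = index($0, " from ")
        if (i) {
            rest = substr($0, i + 6)
            a = index(rest, "["); b = index(rest, "]")
            if (a && b > a) ip = substr(rest, a + 1, b - a - 1)
        }
        # Claimed sender: text between "from=<" and "> to=<"; it may contain ">".
        i = index($0, " from=<")
        if (i) {
            rest = substr($0, i + 7)
            j = index(rest, "> to=<")
            from = (j ? substr(rest, 1, j - 1) : rest)
        }
        printf "<tr><td class=\"rej\">REJECTED</td><td class=\"right\">%s</td><td>%s</td></tr>\n", esc(ip), esc(from)
    }'
}

sample_log | html_reject_rows
```
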
