Konstantin Rozinov wrote:
it's ok to receive garbage. Just don't send garbage. This leads me
back to the OP's question of "do I need to validate user input that is
written to a log file?". The answer is no but you do need to escape
(or rather remove, truncate or flatten) anything that you don't want
to end up being read by a program that reads log files like passwords
and excessively long messages that might fill up the disk or prevent
someone from viewing the log.

Mike


Mike brings up a good point about truncating excessively long
user-inputted strings when logging them.

I'm currently using something like this:

if (strlen($msg) > ProjectConstants::LOG_MESSAGE_MAX_LENGTH)
{
    // keep only the first LOG_MESSAGE_MAX_LENGTH bytes and mark the cut
    $msg = substr($msg, 0, ProjectConstants::LOG_MESSAGE_MAX_LENGTH);
    $msg .= '...';
}

Any suggestions or ideas?
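A fuller version of the truncation above, as an added example written for this thread rather than code from any of the posters: besides cutting the string to a maximum length (by character rather than by byte), it flattens line breaks and control characters so one user-supplied value cannot forge a second log line or smuggle terminal escapes to whoever tails the file. The constant and function names are assumptions.

```php
<?php
// Added example, not code from the thread. Constant and function names are
// assumptions. Mike's rule: remove, truncate or flatten anything that should
// not reach a log reader; this does all three before the string is written.
const LOG_MESSAGE_MAX_LENGTH = 200;

function sanitizeForLog(string $msg, int $maxLength = LOG_MESSAGE_MAX_LENGTH): string
{
    // Non-UTF-8 input: keep printable ASCII bytes only, so the /u regex below
    // (and the log viewer) never sees an invalid sequence.
    if (!mb_check_encoding($msg, 'UTF-8')) {
        $msg = preg_replace('/[^\x20-\x7E]/', '?', $msg);
    }

    // Flatten line breaks and other control characters to a single space.
    // Otherwise a user value can start a forged log line or carry terminal
    // escape sequences. U+0085, U+2028 and U+2029 are Unicode line separators
    // that some viewers honour as well.
    $msg = preg_replace('/[\x00-\x1F\x7F\x{0085}\x{2028}\x{2029}]+/u', ' ', $msg);

    // Truncate by characters, not bytes (unlike strlen/substr), so a multibyte
    // sequence is never cut in half; mark the cut as the posted code does.
    if (mb_strlen($msg, 'UTF-8') > $maxLength) {
        $msg = mb_substr($msg, 0, $maxLength, 'UTF-8') . '...';
    }

    return $msg;
}

// Constructed sample: a "username" that tries to append a forged log entry,
// includes a terminal escape, and then pads itself out to fill the disk.
$username = "alice\r\nINFO: login OK for admin\x1b[2K" . str_repeat('A', 500);
$line = date('c') . ' login failed for user ' . sanitizeForLog($username, 80);
echo $line, PHP_EOL;
```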


I generally use this method for truncating strings (breaks on word boundaries): http://tr.im/itax

--
justin
http://justinhileman.com
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
