I just noticed Christian's note about writing the exported file.
There is a potential for a hacker to populate your database in such a
way as to result in a potentially malicious script, you must make
sure that the file that you write will NOT execute.
For example, a hacker might enter data in your application that
looked something like the following when output to your "Excel" or
text file:
#!/bin/bash
some nasty shell command
If a hacker could find a way to execute this, she could wipe your
disk, email your password file somewhere, etc.
So make sure the output file does not inherit any execute
permissions, even if you think your application is going erase it
"immediately" -- a lot of damage can be done in a few milliseconds.
Bill
On Nov 5, 2005, at 10:19 AM, Quicknote wrote:
Hi Dan
Did the witango file action not work?
It worked for me.
Thanks for the suggestion about <@crlf>
Janet
-----Original Message-----
From: Dan Stein [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 05, 2005 11:54 AM
To: [email protected]
Subject: RE: Witango-Talk: help with export write csv
It is not the writing of the file and getting it is is the
formatting of the csv that is the issue
From: Christian Platt [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 05, 2005 11:32 AM
To: [email protected]
Subject: Re: Witango-Talk: help with export write csv
Normally, i do a search action , assign the result to a request
variable, do a <@purgeresults> and save my variable with the result
to a file.
which is normaly <@WEBROOT><@APPFILEPATH>temp/sonstwas.csv
the temp folder has to be of witango, otherwise you cannot write
into it (on OSX)
Christian
Am 05.11.2005 um 14:11 schrieb Dan Stein:
I need to do a search on a SQL table and bring back and array with
column headers and then write it to a .csv file so it can be opened
with Excel
This is what I am doing with the search result
<@Assign request$applications @@resultset >
<@ADDROWS ARRAY="request$applications"VALUE="@@resultset
[0,*]"POSITION="0">
Then I am just doing a file write of
@@request$applications
Tgo
<@APPFILEPATH>Data/applications.csv
Thew file comes in an email but it is an array with all the HTML code.
I might be losing my mind but this worked when I first built it and
tested it but now it is not working
Any help is appreciated.
______________________________________________________________________
__TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
______________________________________________________________________
__ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/
maillist.taf
______________________________________________________________________
__ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/
maillist.taf
______________________________________________________________________
__ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
