Re: File Format Validation

This WebDNA talk-list message is from 2005. It keeps the original formatting.
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields]

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be
> complications with this in webdna since it will not remove the
> non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding
>> area where I'll perform the various checks below before flushing and
>> overwriting the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks
>> above.
>> Anyone have code to share on something like this?

Associated Messages, from the most recent to the oldest:

    
  1. Re: File Format Validation ( Clint Davis 2005)
  2. Re: File Format Validation ( William DeVaul 2005)
  3. Re: File Format Validation ( William DeVaul 2005)
  4. Re: File Format Validation ( Clint Davis 2005)
  5. File Format Validation ( Clint Davis 2005)
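The checks discussed in this thread, written out in Python as an added example (not code from the thread or from WebDNA): header row, tab-delimited rows, a unique non-empty sku, rejection of HTML/JavaScript/WebDNA markup, per-line error reporting, and replacing the live file only after everything passes. The column names, the UTF-8 encoding and the function names are assumptions, since the thread never lists the real headers.

```python
import os
import re
import tempfile

# Assumed column layout; the thread never lists the real headers.
EXPECTED_HEADER = ["sku", "name", "city", "phone"]
MARKUP = re.compile(r"[<>\[\]]")  # HTML/JavaScript tags and WebDNA [contexts]

def validate_upload(data):
    """Return a list of 'line N: problem' strings; an empty list means the file passed."""
    try:
        text = data.decode("utf-8")  # assumed encoding
    except UnicodeDecodeError:
        return ["file is not valid UTF-8 text"]
    # Accept CR, LF or CRLF: the uploader's platform decides the line endings.
    lines = re.split(r"\r\n|\r|\n", text)
    if lines and lines[-1] == "":
        lines.pop()
    if not lines or lines[0].split("\t") != EXPECTED_HEADER:
        return ["line 1: header row does not match " + "\\t".join(EXPECTED_HEADER)]
    errors, seen = [], {}
    for num, line in enumerate(lines[1:], start=2):
        fields = line.split("\t")
        if len(fields) != len(EXPECTED_HEADER):
            errors.append(f"line {num}: expected {len(EXPECTED_HEADER)} fields, got {len(fields)}")
            continue
        if MARKUP.search(line):
            errors.append(f"line {num}: markup characters are not allowed")
        sku = fields[0].strip()
        if not sku:
            errors.append(f"line {num}: sku is empty")
        elif sku in seen:
            errors.append(f"line {num}: duplicate sku {sku!r} (first seen on line {seen[sku]})")
        else:
            seen[sku] = num
    return errors

def install_if_valid(data, live_path):
    """Validate in memory; replace the live file atomically only when it is clean."""
    errors = validate_upload(data)
    if errors:
        return errors
    # The destination name is fixed by the server, never taken from the upload form.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(live_path) or ".")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, live_path)
    return []
```

The returned error list can be shown to the uploader as is, so they can fix the file and try again.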
