Re: File Format Validation

This WebDNA talk-list message is from 2005. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: File Format Validation ( Clint Davis 2005)
  2. Re: File Format Validation ( William DeVaul 2005)
  3. Re: File Format Validation ( William DeVaul 2005)
  4. Re: File Format Validation ( Clint Davis 2005)
  5. File Format Validation ( Clint Davis 2005)
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields]

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be
> complications with this in webdna since it will not remove the
> non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance, you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding area
>> where I'll perform the various checks below before flushing and overwriting
>> the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks above.
>> Anyone have code to share on something like this?

Clint Davis
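
The checks discussed in this thread (server-chosen file name, header row, tab-delimited rows, a unique non-empty sku, no markup, per-line error reporting, and keeping the live DB untouched until everything passes), sketched in Python as an added example; it is not code from either poster and not WebDNA. The column names in `EXPECTED_HEADER`, the UTF-8 assumption and the function names are assumptions, and the sketch rejects markup characters rather than stripping them.

```python
import os
import re

# Assumed for illustration: the thread never lists the real column names.
EXPECTED_HEADER = ["sku", "name", "city", "state"]
HOLDING_NAME = "ben_dealers.db"   # chosen by the server; the client's filename is ignored
MARKUP = re.compile(r"[<>\[\]]")  # characters that open HTML/JavaScript or WebDNA tags

def validate_upload(data: bytes, max_errors: int = 20) -> list:
    """Return error strings with line numbers; an empty list means the file passed."""
    try:
        text = data.decode("utf-8")   # assumption: uploads are UTF-8 text
    except UnicodeDecodeError:
        return ["file is not valid UTF-8 text"]
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    if lines[-1] == "":
        lines.pop()                   # tolerate one trailing newline
    if not lines or lines[0].split("\t") != EXPECTED_HEADER:
        return ["line 1: header row must be " + " <TAB> ".join(EXPECTED_HEADER)]
    errors, seen = [], {}
    for num, line in enumerate(lines[1:], start=2):
        if len(errors) >= max_errors:
            errors.append("too many errors, stopped checking")
            break
        fields = line.split("\t")
        if len(fields) != len(EXPECTED_HEADER):
            errors.append(f"line {num}: expected {len(EXPECTED_HEADER)} fields, found {len(fields)}")
            continue
        if MARKUP.search(line):
            errors.append(f"line {num}: characters < > [ ] are not allowed")
        sku = fields[0].strip()
        if not sku:
            errors.append(f"line {num}: sku is empty")
        elif sku in seen:
            errors.append(f"line {num}: duplicate sku, first seen on line {seen[sku]}")
        else:
            seen[sku] = num
    return errors

def promote(data: bytes, holding_dir: str, live_path: str) -> list:
    """Write to the holding area and replace the live DB only if validation passes."""
    errors = validate_upload(data)
    if not errors:
        held = os.path.join(holding_dir, HOLDING_NAME)
        with open(held, "wb") as fh:
            fh.write(data)
        os.replace(held, live_path)   # same filesystem assumed, so the swap is atomic
    return errors
```

The list returned by `validate_upload` can be shown to the uploader as is, since every entry names the offending line.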
