Re: File Format Validation
This WebDNA talk-list message is from 2005
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields].

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be complications with this in webdna since
> it will not remove the non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the
line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding
>> area where I'll perform the various checks below before flushing and
>> overwriting the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks
>> above. Anyone have code to share on something like this?
Clint Davis
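The checklist the thread converges on (exact file name, expected header row, consistent tab-delimited rows, unique non-empty sku, no injected HTML/JavaScript/WebDNA, and per-line error reporting so the client can fix the file) as a single validator for the holding-area copy. This is an added example in Python, not code from the thread or from WebDNA; the column names, the expected header and the sample file are constructed assumptions, and markup is rejected rather than stripped.

```python
import re

EXPECTED_NAME = "ben_dealers.db"
# Assumed header row (constructed); compare against the live db's real header.
EXPECTED_HEADER = ["sku", "name", "city", "state"]
# HTML/JS tags and WebDNA [tags]: reject the upload instead of stripping them.
MARKUP = re.compile(r"<[^>]*>|\[[^\]]*\]")


def validate_db_upload(filename, content):
    """Return [(line_number, message), ...]; an empty list means the file in
    the holding area may replace the live db. Line 1 is the header row."""
    errors = []
    if filename != EXPECTED_NAME:
        errors.append((0, f"file name must be exactly {EXPECTED_NAME}, got {filename}"))
    # Normalise CR / CRLF line endings before splitting into rows.
    lines = content.replace("\r\n", "\n").replace("\r", "\n").rstrip("\n").split("\n")
    header = lines[0].split("\t")
    if header != EXPECTED_HEADER:
        errors.append((1, "header row must be " + repr("\t".join(EXPECTED_HEADER))))
        return errors  # field positions are unknown without the header
    sku_col = header.index("sku")
    seen = {}
    for n, line in enumerate(lines[1:], start=2):
        fields = line.split("\t")
        if len(fields) != len(header):
            errors.append((n, f"expected {len(header)} tab-delimited fields, found {len(fields)}"))
            continue
        sku = fields[sku_col].strip()
        if not sku:
            errors.append((n, "sku is empty"))
        elif sku in seen:
            errors.append((n, f"duplicate sku {sku!r}, first seen on line {seen[sku]}"))
        else:
            seen[sku] = n
        for name, value in zip(header, fields):
            if MARKUP.search(value):
                errors.append((n, f"field {name!r} contains markup: {value!r}"))
    return errors


# Constructed sample upload that trips each check (line numbers in comments).
SAMPLE = (
    "sku\tname\tcity\tstate\n"               # 1: header
    "A100\tAcme Supply\tBoise\tID\n"         # 2: ok
    "A100\tDupe Co\tBend\tOR\n"              # 3: duplicate sku
    "\tNo Sku Inc\tReno\tNV\n"               # 4: empty sku
    "B200\tToo Many\tAustin\tTX\textra\n"    # 5: wrong field count
    "C300\t<script>x</script>\tOgden\tUT\n"  # 6: html/js in a field
    "D400\t[include file=x]\tProvo\tUT\n"    # 7: webdna tag in a field
)
```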