Re: File Format Validation
This WebDNA talk-list message is from 2005
It keeps the original formatting.
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields].

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be complications with this in webdna since
> it will not remove the non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the
line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance, you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding
>> area where I'll perform the various checks below before flushing and
>> overwriting the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks
>> above.
>> Anyone have code to share on something like this?
Clint Davis
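
The checks discussed in this thread, run at the *nix command line over a file in the holding area. This is an added example, not code posted by anyone on the list; the column names, the four-column layout and the directory arguments are assumptions, and only the name ben_dealers.db comes from the thread. It rejects rows containing markup characters instead of stripping them, and reports the line number of each problem.

```shell
#!/bin/sh
# Added example. Column names and paths are assumptions, not from the thread.
LIVE_NAME="ben_dealers.db"                            # name the server assigns
EXPECTED_HEADER=$(printf 'sku\tname\tcity\tstate')    # assumed header row

# Print one message per bad line; return non-zero if the file must be rejected.
validate_upload() {
    # Check 2: the first line must be the expected header row.
    # tr drops a trailing CR so DOS line endings do not cause a mismatch.
    first=$(head -n 1 "$1" | tr -d '\r')
    if [ "$first" != "$EXPECTED_HEADER" ]; then
        echo "line 1: header row missing or not as expected"
        return 1
    fi
    awk -F '\t' '
        { sub(/\r$/, "") }                 # normalise DOS line endings
        NR == 1 { want = NF; next }        # field count comes from the header
        # Check 3: every row has the same number of tab-separated fields.
        NF != want { printf "line %d: %d fields, expected %d\n", NR, NF, want
                     bad = 1; next }
        # (a) the sku field must have a value and be unique.
        $1 == ""   { printf "line %d: empty sku\n", NR; bad = 1; next }
        seen[$1]++ { printf "line %d: duplicate sku\n", NR; bad = 1 }
        # (b) reject rather than strip: < > [ ] cover HTML, script and
        # square-bracket WebDNA tags (assumes dealer data never needs them).
        index($0, "<") || index($0, ">") || index($0, "[") || index($0, "]") {
            printf "line %d: markup characters\n", NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# (c) the live database is replaced only after every check has passed.
# $1 = upload in the holding area, $2 = directory of the live database.
promote_upload() {
    validate_upload "$1" && mv "$1" "$2/$LIVE_NAME"
}

# Usage: sh validate.sh <holding-file> <live-dir>
if [ "$#" -eq 2 ]; then promote_upload "$1" "$2"; fi
```

The messages contain only line numbers and fixed text, never the uploaded values, so they can be shown back to the uploader without echoing file content into a page.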