Re: File Format Validation

This WebDNA talk-list message is from 2005. It keeps the original formatting.
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields]

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be complications with this in webdna since
> it will not remove the non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance, you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding
>> area where I'll perform the various checks below before flushing and
>> overwriting the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks
>> above.
>> Anyone have code to share on something like this?

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: File Format Validation ( Clint Davis 2005)
  2. Re: File Format Validation ( William DeVaul 2005)
  3. Re: File Format Validation ( William DeVaul 2005)
  4. Re: File Format Validation ( Clint Davis 2005)
  5. File Format Validation ( Clint Davis 2005)
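The checks discussed in this thread (server-chosen file name, header row, tab-delimited rows, unique non-empty sku, no markup, line-numbered errors, live database replaced only on success), as an added Python example that is not code from the original posts and is not WebDNA. The header names in `EXPECTED` and the sample rows are assumptions; `ben_dealers.db` is the name from the thread.

```python
import os
import tempfile

LIVE_NAME = "ben_dealers.db"                 # name from the thread, chosen by the server
EXPECTED = ["sku", "name", "city", "state"]  # assumed header row (not given in the thread)
MARKUP = ("<", ">", "[", "]")                # HTML/JavaScript and WebDNA tag delimiters


def validate(data: bytes) -> list[str]:
    """Return line-numbered errors; an empty list means the upload passed."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["file is not valid UTF-8 text"]
    lines = text.splitlines()                # accepts CR, LF and CRLF line endings
    if not lines or lines[0].split("\t") != EXPECTED:
        return ["line 1: header row must be " + " <TAB> ".join(EXPECTED)]
    errors, seen = [], set()
    for num, line in enumerate(lines[1:], start=2):
        fields = line.split("\t")
        if len(fields) != len(EXPECTED):
            errors.append(f"line {num}: expected {len(EXPECTED)} tab-separated fields, got {len(fields)}")
            continue
        sku = fields[0].strip()
        if not sku:
            errors.append(f"line {num}: sku is empty")
        elif sku in seen:
            errors.append(f"line {num}: duplicate sku {sku!r}")
        seen.add(sku)
        if any(ch in field for field in fields for ch in MARKUP):
            errors.append(f"line {num}: markup characters are not allowed")
    return errors


def accept_upload(data: bytes, live_dir: str) -> list[str]:
    """Check the upload, then swap it in; the live database changes only on success."""
    errors = validate(data)
    if errors:
        return errors                        # live file untouched; show these to the uploader
    fd, holding = tempfile.mkstemp(dir=live_dir, suffix=".holding")
    with os.fdopen(fd, "wb") as fh:          # temporary name, so the live file is never half-written
        fh.write(data)
    os.replace(holding, os.path.join(live_dir, LIVE_NAME))  # atomic within one filesystem
    return []


# Constructed sample uploads
GOOD = b"sku\tname\tcity\tstate\nA1\tAcme\tAustin\tTX\nB2\tBolt\tBoise\tID\n"
BAD = b"sku\tname\tcity\tstate\nA1\tAcme\tAustin\tTX\nA1\t<b>Bolt</b>\tBoise\tID\nC3\tCog\tCody\n"
```

The client's own file name never reaches the filesystem here, and rejecting markup outright keeps the check independent of who is allowed to reach the upload page.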
