Re: File Format Validation

This WebDNA talk-list message is from 2005. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: File Format Validation ( Clint Davis 2005)
  2. Re: File Format Validation ( William DeVaul 2005)
  3. Re: File Format Validation ( William DeVaul 2005)
  4. Re: File Format Validation ( Clint Davis 2005)
  5. File Format Validation ( Clint Davis 2005)
Thanks William.

On 11/8/05 3:37 PM, "William DeVaul" wrote:

> 1. I name the file myself on upload when I do the writefile of the
> form input. I don't use whatever filename the user uploads on the form.

Good idea. I'll implement this.

> 2. This is a simple comparison of the first line to your string. If
> you have *nix, you can use [shell] to use the head command for the
> first line of the file for comparison. I don't know an easy way to
> grab the first line in webdna without loading the db into a template
> and performing grep or middle. This could present performance issues
> if the file is large.

I figured it out using [listfields]

> 3. You can probably do this at the command line in *nix but I've not
> done it. I don't know an easy way in webdna except by using grep on
> each line.
> Something like:
> [grep search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*))$&replace=$1][theFile][/grep]
> should work but there will be
> complications with this in webdna since it will not remove the
> non-matching lines.

Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct?

> You should also consider:
> a. Validating each field. For instance, you might want the sku
> field to be unique and to have a value.

Already done.

> b. Stripping any javascript, html and webdna. The goal is to prevent
> an injection attack, i.e. code that you don't want running on your
> server.

Only my client can access the page, so this shouldn't be a problem.

> c. Making the db inaccessible until it passes all of your validations.

Already done.

> d. Letting the user know where the errors were in the file so they can
> fix.

Good idea. I'll implement this as well.

> On Nov 8, 2005, at 4:12 PM, Clint Davis wrote:
>
>> I'm allowing a client to upload a database file, but I want to verify
>> certain aspects. I will allow them to upload the file into a holding
>> area
>> where I'll perform the various checks below before flushing and
>> overwriting
>> the existing database.
>>
>> 1. Make sure the file name is EXACTLY ben_dealers.db
>> 2. Make sure the first line of the DB contains headers
>> 3. Make sure the file is tab-delimited
>>
>> I have the upload code working fine, but I've never done the checks
>> above.
>> Anyone have code to share on something like this?

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Clint Davis
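
The checks discussed in this thread (server-chosen file name, header row, tab-delimited rows, unique non-empty sku, markup rejection, error reporting, and keeping the live database untouched until everything passes), sketched in Python as an added example; it is not code from the list or from WebDNA. The column names, the UTF-8 assumption, the function names, and the choice to reject markup characters rather than strip them are assumptions made for illustration.

```python
import os
import tempfile

# Assumed column names; the thread never lists the real headers.
EXPECTED_HEADERS = ["sku", "name", "city", "state"]
# Characters that open HTML/JavaScript or WebDNA ([tag]) markup.
MARKUP_CHARS = set("<>[]")
LIVE_NAME = "ben_dealers.db"  # server-chosen name; the client's filename is ignored

def validate_upload(data: bytes) -> list[str]:
    """Return human-readable errors with line numbers; an empty list means the file passed."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        return [f"file is not valid UTF-8 (byte offset {exc.start})"]
    lines = text.splitlines()  # accepts CR, LF and CRLF endings
    if not lines or lines[0].split("\t") != EXPECTED_HEADERS:
        return ["line 1: header row must be " + "<TAB>".join(EXPECTED_HEADERS)]
    errors, seen = [], {}
    for num, line in enumerate(lines[1:], start=2):
        fields = line.split("\t")
        if len(fields) != len(EXPECTED_HEADERS):
            errors.append(f"line {num}: expected {len(EXPECTED_HEADERS)} tab-separated fields, found {len(fields)}")
            continue
        if any(ch in MARKUP_CHARS for f in fields for ch in f):
            errors.append(f"line {num}: markup characters < > [ ] are not allowed")
        sku = fields[0].strip()
        if not sku:
            errors.append(f"line {num}: sku is empty")
        elif sku in seen:
            errors.append(f"line {num}: duplicate sku {sku!r} (first seen on line {seen[sku]})")
        else:
            seen[sku] = num
    return errors

def promote_if_valid(data: bytes, live_dir: str) -> list[str]:
    """Validate in memory, then atomically replace the live DB only on success."""
    errors = validate_upload(data)
    if errors:
        return errors  # the live database is untouched
    fd, tmp = tempfile.mkstemp(dir=live_dir)  # holding file on the same filesystem
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, os.path.join(live_dir, LIVE_NAME))
    return []

if __name__ == "__main__":
    sample = b"sku\tname\tcity\tstate\nA1\tAcme\tAustin\tTX\nA1\t<b>Bolt</b>\tBoise\tID\n"  # constructed
    print("\n".join(validate_upload(sample)))
```

The returned list is what would be shown back to the uploader so they can fix the named lines and try again.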
