Re: File Format Validation

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 63377
interpreted = N
texte = Thanks William. On 11/8/05 3:37 PM, "William DeVaul" wrote: > 1. I name the file myself on upload when I do the writefile of the > form input. I don't use whatever filename the user uploads on the form. Good idea. I'll implement this. > 2. This is a simple comparison of the first line to your string. If > you have *nix, you can use [shell] to use the head command for the > first line of the file for comparison. I don't know an easy way to > grab the first line in webdna without loading the db into a template > and performing grep or middle. This could present performance issues > if the file is large. I figured it out using [listfields] > 3. You can probably do this at the command line in *nix but I've not > done it. I don't know an easy way in webdna except by using grep on > each line. > Something like: > [grep > search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0 > -9]*))$&replace=$1][theFile][/grep] should work but there will be > complications with this in webdna since it will not remove the > non-matching lines. Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct? > You should also consider: > a. Validating each field. For instance the you might want the sku > field to be unique and to have a value. Already done. > b. Stripping any javascript, html and webdna. The goal is to prevent > an injection attack, i.e. code that you don't want running on your > server. Only my client can access the page, so this shouldn't be a problem. > c. Making the db inaccessible until it passes all of your validations. Already done. > d. Letting the user know where the errors were in the file so they can > fix. Good idea. I'll implement this as well. > On Nov 8, 2005, at 4:12 PM, Clint Davis wrote: > >> I'm allowing a client to upload a database file, but I want to verify >> certain aspects. I will allow them to upload the file into a holding >> area >> where I'll perform the various checks below before flushing and >> overwriting >> the existing database. >> >> 1. Make sure the file name is EXACTLY ben_dealers.db >> 2. Make sure the first line of the DB contains headers >> 3. Make sure the file is tab-delimited >> >> I have the upload code working fine, but I've never done the checks >> above. >> Anyone have code to share on something like this? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: File Format Validation ( Clint Davis 2005)
  2. Re: File Format Validation ( William DeVaul 2005)
  3. Re: File Format Validation ( William DeVaul 2005)
  4. Re: File Format Validation ( Clint Davis 2005)
  5. File Format Validation ( Clint Davis 2005)
Thanks William. On 11/8/05 3:37 PM, "William DeVaul" wrote: > 1. I name the file myself on upload when I do the writefile of the > form input. I don't use whatever filename the user uploads on the form. Good idea. I'll implement this. > 2. This is a simple comparison of the first line to your string. If > you have *nix, you can use [shell] to use the head command for the > first line of the file for comparison. I don't know an easy way to > grab the first line in webdna without loading the db into a template > and performing grep or middle. This could present performance issues > if the file is large. I figured it out using [listfields] > 3. You can probably do this at the command line in *nix but I've not > done it. I don't know an easy way in webdna except by using grep on > each line. > Something like: > [grep > search=^(([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0-9]*)\t([a-zA-Z0 > -9]*))$&replace=$1][theFile][/grep] should work but there will be > complications with this in webdna since it will not remove the > non-matching lines. Now that I think about it, this may not be an issue. WebDNA will change the line endings once it accesses the DB for the first time. Correct? > You should also consider: > a. Validating each field. For instance the you might want the sku > field to be unique and to have a value. Already done. > b. Stripping any javascript, html and webdna. The goal is to prevent > an injection attack, i.e. code that you don't want running on your > server. Only my client can access the page, so this shouldn't be a problem. > c. Making the db inaccessible until it passes all of your validations. Already done. > d. Letting the user know where the errors were in the file so they can > fix. Good idea. I'll implement this as well. > On Nov 8, 2005, at 4:12 PM, Clint Davis wrote: > >> I'm allowing a client to upload a database file, but I want to verify >> certain aspects. I will allow them to upload the file into a holding >> area >> where I'll perform the various checks below before flushing and >> overwriting >> the existing database. >> >> 1. Make sure the file name is EXACTLY ben_dealers.db >> 2. Make sure the first line of the DB contains headers >> 3. Make sure the file is tab-delimited >> >> I have the upload code working fine, but I've never done the checks >> above. >> Anyone have code to share on something like this? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Clint Davis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

using showpage and showcart commands (1996) State Coalition Approves Internet Sales Tax Plan (2002) Creating comums (1998) WebCatalog can't find database (1997) [WebDNA] Help needed with some weird crashes (2010) math on date? (1997) Customizing WebDelivery.html (1998) Limitations on fields? Server is crashing (1997) Frames and WebCat (1997) web delivery (1997) two unique banners on one page (1997) UnitShopCost (2007) [ShowNext] feature in 2.0 (1997) [shownext] and sort (1998) WebCatalog can't find database (1997) finding child records of child records of child records... with minimal code (2000) Trigger to restart Webcat Service (2001) My new discussion forum (2003) Shipping charges based on dollar level (1997) Mac app. that converts e-mails (2000)