On Sat, Jun 09, 2001 at 09:52:45AM -0500, Karen Cravens ([EMAIL PROTECTED]) spew-ed forth:
> Or just plain don't create paths through CGI (or for any other trivial 
> reason).  That's me.  Though it's something I'll keep in mind when I 
> do have a need for path creation.  (I'll probably be limiting 
> pathnames to alpha/numeric/underscore when I do, though, just to 
> keep URLs clean, because I hate "%".  Aesthetically displeasing.)

Well, depending on the application (CGI or otherwise) you sometimes need to. If
it is a path, or a file, it may need to be done (as well as putting things into
DB with chars that shouldn't be there). If someone allows for \w chars, then
they will have to clean up the havoc they are allowing. A script is only as
secure as the programmer's clue about security.

> 
> But really, I blame whoever was developing the filesystem and 
> thought it would be a good idea to allow newlines as a valid 
> character at all.  Spaces, too.  Bah, I say.  Bah!

Agreed (with newlines, that's just silly). Spaces, well, I know that is valid
in (at least) Windows.

> > And bats aren't really blind :)
> >    That's relativity."   --Albert Einstein
> 
> And Einstein didn't really say that (hey, this game is fun).

Yes, he did. Unless everyone in the world is misquoting him.

Cheers,
Kevin

-- 
[Writing CGI Applications with Perl - http://perlcgi-book.com]
Don't mind your make-up, you'd better make your mind up.
        -- Frank Zappa
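
Added example, not part of either poster's message: a Perl sketch of the alpha/numeric/underscore allowlist for path components discussed in the thread, showing why the newline case matters for the check itself. The helper names `safe_component` and `build_path` and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: accept one path component only if it consists
# solely of ASCII letters, digits and underscore (1 to 64 characters).
sub safe_component {
    my ($name) = @_;
    return undef unless defined $name;
    # \A and \z anchor to the true start and end of the string. With
    # ^...$ a trailing newline slips through, because $ also matches
    # just before a final "\n". The capture also untaints under -T.
    return $name =~ /\A([A-Za-z0-9_]{1,64})\z/ ? $1 : undef;
}

# Hypothetical helper: join validated components under a fixed base
# directory; returns undef if any component fails the allowlist.
sub build_path {
    my ($base, @parts) = @_;
    my @clean;
    for my $part (@parts) {
        my $ok = safe_component($part);
        return undef unless defined $ok;
        push @clean, $ok;
    }
    return join '/', $base, @clean;
}

# Constructed sample inputs, including a name with a trailing newline.
my @samples = ("reports", "2001_06", "notes\n", "../etc", "my file", "a%20b", "");
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-12s naive=%-6s strict=%s\n", "'$shown'",
        ($s =~ /^\w+$/ ? "accept" : "reject"),
        (defined safe_component($s) ? "accept" : "reject");
}

# Constructed base directory; the second call fails on the newline.
for my $parts (["reports", "2001_06"], ["reports", "notes\n"]) {
    my $path = build_path("/var/www/data", @$parts);
    print defined $path ? "built: $path\n" : "refused\n";
}
```

The naive `/^\w+$/` check accepts `"notes\n"`, while the `\A...\z` form rejects it.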
