On Thu, 2008-08-28 at 14:18 +1200, Jason Haar wrote:
> Karsten Bräckelmann wrote:
> >
> > uri  EXECUTABLE  /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
> 
> That won't stop "blah.exe?token=cookie". Web servers will still return 
> "blah.exe" (and the attacker can trackback who clicked on it too that 
> way! ;-)

Neither does the original... *shrug*

Jason, while your remark is entirely valid, you missed my point. :)  My
intention was to show a better way of writing such REs, focusing on what
one actually wants to match, getting rid of all the unnecessary junk in
the originally posted RE, and writing comprehensible, maintainable,
easy-to-grasp REs. It requires merely a quick glimpse at the above RE to
understand what its purpose is.

Btw, in case you didn't notice, I didn't actually modify the original RE
other than removing the unnecessary leading part. :)

  guenther


-- 
char *t="[EMAIL PROTECTED]";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
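
The gap raised in the quoted reply, as an added example that is not part of the original messages: it runs the rule's RE from the thread against constructed URIs and compares it with a check on the parsed path only. `VARIANT`, `classify`, `path_is_executable` and the sample URIs are assumptions made for this illustration; Python's `re` stands in for the Perl RE engine SpamAssassin uses.

```python
import re
from urllib.parse import urlsplit

EXTS = r"(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)"

# RE body as posted in the thread: the extension must end the whole URI.
POSTED = re.compile(r"\." + EXTS + r"$", re.I)

# Assumed variant (not from the thread): the extension may also be
# followed by the start of a query string or a fragment.
VARIANT = re.compile(r"\." + EXTS + r"(?:$|[?#])", re.I)


def path_is_executable(uri: str) -> bool:
    """Reference check: parse the URI and test only its path component."""
    return POSTED.search(urlsplit(uri).path) is not None


def classify(uri: str) -> dict:
    """Report which of the three checks flag the given URI."""
    return {
        "posted": POSTED.search(uri) is not None,
        "variant": VARIANT.search(uri) is not None,
        "path": path_is_executable(uri),
    }


# Constructed sample URIs (not taken from real mail).
SAMPLES = [
    "http://example.com/blah.exe",               # plain download link
    "http://example.com/blah.exe?token=cookie",  # case from the quoted reply
    "http://example.com/blah.EXE#frag",          # fragment, upper case
    "http://example.com/setup.exe.html",         # extension is not final
    "http://example.com/page?file=blah.exe",     # extension only in the query
    "http://example.com/docs/readme.txt",        # benign
]

if __name__ == "__main__":
    for uri in SAMPLES:
        r = classify(uri)
        flags = " ".join(f"{k}={'hit' if v else '---'}" for k, v in r.items())
        print(f"{flags}  {uri}")
```

The fifth sample shows the opposite effect: both string-level REs hit on an extension that appears only inside the query, while the path check does not.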
