Code-Schnipsel QUERY STRING eval fff: Unterschied zwischen den Versionen
(+routine) |
(→Code: besser!) |
||
(9 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
+ | =Code= | ||
<pre> | <pre> | ||
− | + | fkt_eval_query_string () { | |
− | + | local INPUT="$QUERY_STRING" | |
− | |||
− | |||
− | |||
− | |||
− | + | test -z "$INPUT" && return | |
− | + | ||
− | + | local SANITIZED="$(echo $INPUT | sed -e 's/[^%&=+-:!,@\\"-_a-z~]//g')" | |
− | + | local ESCAPED="$(httpd -d $SANITIZED | sed -e 's/"/\\"/g' -e 's/=/="/g' -e 's/&/";/g ' -e 's/$/"/g')" | |
− | + | ||
− | + | eval $ESCAPED 2>/dev/null | |
− | |||
} | } | ||
</pre> | </pre> | ||
+ | |||
+ | =Code_alt (haesslich,aber tricky!)= | ||
+ | <pre> | ||
+ | fkt_decode_url () { # SENS: convert encoded URL to normal (e.g. %20 = space , %40 = @-Symbol ) | ||
+ | s=$(echo "$1" | sed -e "s/+/%20/g") # ARG1: (maybe) dirty string | ||
+ | echo -n ${s%%%*} # OUT1: unescaped string | ||
+ | |||
+ | if [ -n "$s" ] && [ "$s" != "${s#*%}" ]; then | ||
+ | IFS=\% | ||
+ | set ${s#*%} | ||
+ | unset IFS | ||
+ | |||
+ | for i in "$@"; do | ||
+ | echo -n -e "\\x$(echo $i | dd bs=1 count=2 2>&-)" | ||
+ | echo -n ${i#??} | ||
+ | done | ||
+ | fi | ||
+ | } | ||
+ | |||
+ | fkt_read_browsers_query_string () { # SENS: read and sanitize/convert query-string to useable vars (e.g. ?A=1&B=2 changes to correct setted vars A and B) | ||
+ | # ARG1: string, query string | ||
+ | local QUERY_STRING="$1" | ||
+ | local DAEMON="fkt_read_browsers_query_string" | ||
+ | local VARS="" | ||
+ | |||
+ | if [ -z "$QUERY_STRING" ]; then | ||
+ | fkt_log "$DAEMON" "Zero query!" 1 | ||
+ | return | ||
+ | else | ||
+ | fkt_log "$DAEMON" "Exploring query \"$QUERY_STRING\"" 1 | ||
+ | fi | ||
+ | |||
+ | IFS=\& | ||
+ | set ${QUERY_STRING%%[^%&=+-:@-_a-z~]*} | ||
+ | unset IFS | ||
+ | fkt_log "$DAEMON" "Escaping query \"$*\"" 1 | ||
+ | VARS="$(echo $* | sed -e 's/ /"; /g' -e 's/=/="/g' -e 's/$/"/g')" | ||
+ | fkt_log "$DAEMON" "Escaping query \"$VARS\"" 1 | ||
+ | VARS="$(httpd -d "$VARS")" | ||
+ | fkt_log "$DAEMON" "Evaluating query \"$VARS\"" 1 | ||
+ | eval "$VARS" | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | =Erklaerung= | ||
+ | * aus dieser URL (POST/GET egal) | ||
+ | ** <tt> NODE=512&HOST=silber2&LOCA=Steinbr&GPSX=11.3313&GPSY=50.9934&MAIL=bla%40blub.org&PHON=0110%2F123456&MENU=expert&GOGO=%DCbernehmen"</tt> | ||
+ | * wird ein | ||
+ | ** <tt>NODE="512"; HOST="silber2"; LOCA="Steinbr"; GPSX="11.3313"; GPSY="50.9934"; MAIL="bla@blub.org"; PHON="0110/123456"; MENU="expert"; GOGO="Übernehmen"</tt> | ||
+ | * mit eval wird das ganze dann uebernommen und steht zur Verfuegung |
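Review bot: The new `fkt_eval_query_string` still hands request-controlled text to `eval`. In the `sed` filter `+-:` and `"-_` are ranges, so `$`, `(`, `)`, `;` and `'` survive it, and `httpd -d` decodes percent-escapes only after the filter has run, so any character can reappear before `eval $ESCAPED`. Wrapping the values in double quotes does not stop expansion inside them, and the variable names are never checked, so a request can also overwrite names such as `PATH` or `IFS`. I would split the pairs first, accept only keys that are valid identifiers, decode each value on its own and assign it through a variable reference, so that decoded text is never parsed as shell code. `fkt_read_browsers_query_string` in the Code_alt section has the same pattern, since it adds the quotes before `httpd -d` runs.

```shell
fkt_eval_query_string () {
	local _qs_rest="$QUERY_STRING"
	local _qs_pair _qs_key _qs_val

	test -z "$_qs_rest" && return

	while test -n "$_qs_rest"; do
		# take one KEY=VALUE pair off the front
		_qs_pair="${_qs_rest%%&*}"
		case "$_qs_rest" in
			*"&"*) _qs_rest="${_qs_rest#*&}" ;;
			*) _qs_rest="" ;;
		esac
		case "$_qs_pair" in *=*) ;; *) continue ;; esac
		_qs_key="${_qs_pair%%=*}"
		_qs_val="${_qs_pair#*=}"

		# only plain identifiers, never shell-critical names
		case "$_qs_key" in
			""|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
			PATH|IFS|ENV|BASH_ENV|LD_*|_qs_*) continue ;;
		esac

		test -n "$_qs_val" && _qs_val="$(httpd -d "$_qs_val")"

		# eval sees only the checked name and a literal $_qs_val reference
		eval "$_qs_key=\$_qs_val"
	done
}
```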
Aktuelle Version vom 27. Juli 2007, 13:33 Uhr
Code
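# fkt_eval_query_string: turn the CGI query string into shell variables.
#
# Globals:   QUERY_STRING (read); one variable is written per accepted KEY
# Arguments: none
# Outputs:   nothing
# Returns:   0 (also when QUERY_STRING is empty)
#
# SECURITY: QUERY_STRING comes straight from the HTTP request. The previous
# version filtered it with a sed character class, URL-decoded the result and
# passed the whole string to eval. The class contained the ranges +-: and "-_,
# which let $ ( ) ; ' through, and decoding ran after the filter, so decoded
# text was parsed as shell code. This version never does that: each pair is
# split first, the key must be a plain identifier, and the decoded value is
# assigned through a variable reference.
fkt_eval_query_string () {
	# The _qs_ prefix keeps these locals from shadowing a form field of the
	# same name (a field called "value" would otherwise be lost on return).
	local _qs_rest="$QUERY_STRING"
	local _qs_pair _qs_key _qs_val

	test -z "$_qs_rest" && return

	while test -n "$_qs_rest"; do
		# Take one KEY=VALUE pair off the front of the remaining string.
		_qs_pair="${_qs_rest%%&*}"
		case "$_qs_rest" in
			*"&"*) _qs_rest="${_qs_rest#*&}" ;;
			*) _qs_rest="" ;;
		esac

		# A pair without "=" carries no assignment; skip it.
		case "$_qs_pair" in
			*=*) ;;
			*) continue ;;
		esac
		_qs_key="${_qs_pair%%=*}"
		_qs_val="${_qs_pair#*=}"

		case "$_qs_key" in
			# Anything that is not a plain identifier is dropped.
			""|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
			# Names that steer the shell or the loader must not be
			# settable by a request.
			PATH|IFS|ENV|BASH_ENV|LD_*) continue ;;
			# Keep the loop's own state out of reach.
			_qs_*) continue ;;
		esac
		# NOTE(review): every other identifier is still accepted. If the
		# calling script trusts further variables (for example CGI
		# variables set by the web server), replace the checks above with
		# an allow-list of the expected form fields.

		# URL-decode the value only, with the same helper the original
		# used (httpd -d).
		if test -n "$_qs_val"; then
			_qs_val="$(httpd -d "$_qs_val")" || continue
		fi

		# The text eval sees is "<checked name>=$_qs_val"; the value is
		# expanded once as data and is never parsed as code.
		eval "$_qs_key=\$_qs_val"
	done

	return 0
}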
Code_alt (haesslich,aber tricky!)
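# SENS: convert an encoded URL to plain text (e.g. %20 = space, %40 = @)
# ARG1: (maybe) dirty string
# OUT1: decoded string on stdout, without a trailing newline
#
# Changes against the earlier version: every expansion is quoted, so "*" or
# whitespace in the input is no longer glob-expanded or collapsed; IFS and
# the positional parameters are left alone; and a "%" that is not followed
# by two hex digits is printed literally instead of being handed to
# echo -e as part of an escape sequence.
fkt_decode_url () {
	local s rest chunk hex

	s="$(printf '%s' "$1" | sed -e 's/+/%20/g')"

	# Text before the first "%" needs no decoding.
	printf '%s' "${s%%%*}"

	case "$s" in
		*%*) rest="${s#*%}" ;;
		*) return 0 ;;
	esac

	while :; do
		# chunk = text up to the next "%"; its first two characters
		# should be the hex digits of one byte.
		chunk="${rest%%%*}"
		hex="${chunk%"${chunk#??}"}"

		case "$hex" in
			[0-9A-Fa-f][0-9A-Fa-f])
				# Emit the byte through an octal escape; only the
				# checked hex digits reach printf here.
				printf '%b' "\\0$(printf '%o' "0x$hex")"
				printf '%s' "${chunk#??}"
				;;
			*)
				# Malformed escape: keep it as written.
				printf '%%%s' "$chunk"
				;;
		esac

		case "$rest" in
			*%*) rest="${rest#*%}" ;;
			*) break ;;
		esac
	done
}

# SENS: read the query string and set one shell variable per KEY=VALUE pair
#       (e.g. ?A=1&B=2 sets the variables A and B)
# ARG1: string, query string
#
# SECURITY: ARG1 is request-controlled. The earlier version wrapped the
# values in double quotes, URL-decoded the result afterwards and passed it
# to eval, so a decoded quote or command substitution was parsed as shell
# code. Here each pair is split first, the key must be a plain identifier,
# and the decoded value is assigned through a variable reference.
fkt_read_browsers_query_string () {
	local QUERY_STRING="$1"
	local DAEMON="fkt_read_browsers_query_string"
	local VARS=""
	# The _qs_ prefix keeps these locals from shadowing form field names.
	local _qs_rest _qs_pair _qs_key _qs_val

	if [ -z "$QUERY_STRING" ]; then
		fkt_log "$DAEMON" "Zero query!" 1
		return
	else
		fkt_log "$DAEMON" "Exploring query \"$QUERY_STRING\"" 1
	fi

	_qs_rest="$QUERY_STRING"
	while [ -n "$_qs_rest" ]; do
		# Take one KEY=VALUE pair off the front of the remaining string.
		_qs_pair="${_qs_rest%%&*}"
		case "$_qs_rest" in
			*"&"*) _qs_rest="${_qs_rest#*&}" ;;
			*) _qs_rest="" ;;
		esac

		case "$_qs_pair" in
			*=*) ;;
			*) continue ;;
		esac
		_qs_key="${_qs_pair%%=*}"
		_qs_val="${_qs_pair#*=}"

		case "$_qs_key" in
			# Anything that is not a plain identifier is dropped.
			""|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
			# Names that steer the shell or the loader must not be
			# settable by a request.
			PATH|IFS|ENV|BASH_ENV|LD_*) continue ;;
			# Keep this function's own state out of reach.
			_qs_*|QUERY_STRING|DAEMON|VARS) continue ;;
		esac
		# NOTE(review): every other identifier is still accepted; an
		# allow-list of the expected form fields would be tighter.

		if [ -n "$_qs_val" ]; then
			_qs_val="$(httpd -d "$_qs_val")" || continue
		fi

		# eval sees only "<checked name>=$_qs_val"; the value is data.
		eval "$_qs_key=\$_qs_val"
		VARS="${VARS:+$VARS }$_qs_key"
	done

	# Only the accepted names are logged; decoded values stay out of the
	# log because they may hold control characters or private data.
	fkt_log "$DAEMON" "Evaluating query \"$VARS\"" 1
}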
Erklaerung
- aus dieser URL (POST/GET egal)
- NODE=512&HOST=silber2&LOCA=Steinbr&GPSX=11.3313&GPSY=50.9934&MAIL=bla%40blub.org&PHON=0110%2F123456&MENU=expert&GOGO=%DCbernehmen"
- wird ein
- NODE="512"; HOST="silber2"; LOCA="Steinbr"; GPSX="11.3313"; GPSY="50.9934"; MAIL="bla@blub.org"; PHON="0110/123456"; MENU="expert"; GOGO="Übernehmen"
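- mit eval wird das Ganze dann uebernommen und steht als Shell-Variablen zur Verfuegung; da eval die Zeichenkette als Shell-Code ausfuehrt, muessen Variablennamen und Werte vorher geprueft sein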