Änderungen

4.089 Bytes hinzugefügt , 13:33, 27. Jul. 2007

→‎Code: besser!

Zeile 1: Zeile 1: +

=Code=

<pre>

−

~~fkt_read_browsers_query_string~~ () { ~~# SENS: read and sanitize/convert query-string to useable vars~~

+

fkt_eval_query_string () {

−

~~# (e.g. ?A=1&B=2 changes to correct setted vars A and B)~~

+

local INPUT="$QUERY_STRING"

−

~~# ARG1: string, query string~~

−

local ~~QUERY_STRING~~=~~"$1"~~

−

~~test -z~~ "$QUERY_STRING" ~~return 1~~

−

~~IFS=\~~&

+

test -z "$INPUT" && return

−

~~set~~ $~~{QUERY_STRING%%~~[^%&=+-:@-_a-z~]*}

+

−

~~unset IFS~~

+

local SANITIZED="$(echo $INPUT | sed -e 's/[^%&=+-:!,@\\"-_a-z~]//g')"

−

~~VARS~~="$(~~echo~~ $* | sed -e 's/ /"; /g' -e 's/=/="/g' -e 's/$/"/g')"

+

local ESCAPED="$(httpd -d $SANITIZED | sed -e 's/"/\\"/g' -e 's/=/="/g' -e 's/&/";/g ' -e 's/$/"/g')"

−

~~VARS="$(httpd~~ -~~d "~~$~~VARS~~")"

+

−

+

eval $ESCAPED 2>/dev/null

−

eval "$~~VARS"~~

}

</pre>

+

=Code_alt (haesslich,aber tricky!)=

+

<pre>

+

fkt_decode_url () { # SENS: convert encoded URL to normal (e.g. %20 = space , %40 = @-Symbol )

+

s=$(echo "$1" | sed -e "s/+/%20/g") # ARG1: (maybe) dirty string

+

echo -n ${s%%%*} # OUT1: unescaped string

+

if [ -n "$s" ] && [ "$s" != "${s#*%}" ]; then

+

IFS=\%

+

set ${s#*%}

+

unset IFS

+

for i in "$@"; do

+

echo -n -e "\\x$(echo $i | dd bs=1 count=2 2>&-)"

+

echo -n ${i#??}

+

done

+

fi

+

}

+

fkt_read_browsers_query_string () { # SENS: read and sanitize/convert query-string to useable vars (e.g. ?A=1&B=2 changes to correct setted vars A and B)

+

# ARG1: string, query string

+

local QUERY_STRING="$1"

+

local DAEMON="fkt_read_browsers_query_string"

+

local VARS=""

+

if [ -z "$QUERY_STRING" ]; then

+

fkt_log "$DAEMON" "Zero query!" 1

+

return

+

else

+

fkt_log "$DAEMON" "Exploring query \"$QUERY_STRING\"" 1

+

fi

+

IFS=\&

+

set ${QUERY_STRING%%[^%&=+-:@-_a-z~]*}

+

unset IFS

+

fkt_log "$DAEMON" "Escaping query \"$*\"" 1

+

VARS="$(echo $* | sed -e 's/ /"; /g' -e 's/=/="/g' -e 's/$/"/g')"

+

fkt_log "$DAEMON" "Escaping query \"$VARS\"" 1

+

VARS="$(httpd -d "$VARS")"

+

fkt_log "$DAEMON" "Evaluating query \"$VARS\"" 1

+

eval "$VARS"

+

}

+

</pre>

+

=Erklaerung=

+

* aus dieser URL (POST/GET egal)

+

** <tt> NODE=512&HOST=silber2&LOCA=Steinbr&GPSX=11.3313&GPSY=50.9934&MAIL=bla%40blub.org&PHON=0110%2F123456&MENU=expert&GOGO=%DCbernehmen"</tt>

+

* wird ein

+

** <tt>NODE="512"; HOST="silber2"; LOCA="Steinbr"; GPSX="11.3313"; GPSY="50.9934"; MAIL="bla@blub.org"; PHON="0110/123456"; MENU="expert"; GOGO="Übernehmen"</tt>

+

* mit eval wird das ganze dann uebernommen und steht zur Verfuegung

Fries43

Bürokraten, Administratoren

3.747

Bearbeitungen

Änderungen

Code-Schnipsel QUERY STRING eval fff (Quelltext anzeigen)

Version vom 27. Juli 2007, 13:33 Uhr

Navigationsmenü

Suche