Code-Schnipsel QUERY STRING eval fff
Code
fkt_eval_query_string () {
local INPUT="$QUERY_STRING"
test -z "$INPUT" && return
local SANITIZED="$(echo $INPUT | sed -e 's/[^%&=+-:!,@\\"-_a-z~]//g')"
local ESCAPED="$(httpd -d $SANITIZED | sed -e 's/"/\\"/g' -e 's/=/="/g' -e 's/&/";/g ' -e 's/$/"/g')"
eval $ESCAPED 2>/dev/null
}
Code_alt (haesslich,aber tricky!)
fkt_decode_url () { # SENS: convert encoded URL to normal (e.g. %20 = space , %40 = @-Symbol )
s=$(echo "$1" | sed -e "s/+/%20/g") # ARG1: (maybe) dirty string
echo -n ${s%%%*} # OUT1: unescaped string
if [ -n "$s" ] && [ "$s" != "${s#*%}" ]; then
IFS=\%
set ${s#*%}
unset IFS
for i in "$@"; do
echo -n -e "\\x$(echo $i | dd bs=1 count=2 2>&-)"
echo -n ${i#??}
done
fi
}
fkt_read_browsers_query_string () { # SENS: read and sanitize/convert query-string to useable vars (e.g. ?A=1&B=2 changes to correct setted vars A and B)
# ARG1: string, query string
local QUERY_STRING="$1"
local DAEMON="fkt_read_browsers_query_string"
local VARS=""
if [ -z "$QUERY_STRING" ]; then
fkt_log "$DAEMON" "Zero query!" 1
return
else
fkt_log "$DAEMON" "Exploring query \"$QUERY_STRING\"" 1
fi
IFS=\&
set ${QUERY_STRING%%[^%&=+-:@-_a-z~]*}
unset IFS
fkt_log "$DAEMON" "Escaping query \"$*\"" 1
VARS="$(echo $* | sed -e 's/ /"; /g' -e 's/=/="/g' -e 's/$/"/g')"
fkt_log "$DAEMON" "Escaping query \"$VARS\"" 1
VARS="$(httpd -d "$VARS")"
fkt_log "$DAEMON" "Evaluating query \"$VARS\"" 1
eval "$VARS"
}
Erklaerung
- aus dieser URL (POST/GET egal)
- NODE=512&HOST=silber2&LOCA=Steinbr&GPSX=11.3313&GPSY=50.9934&MAIL=bla%40blub.org&PHON=0110%2F123456&MENU=expert&GOGO=%DCbernehmen"
- wird ein
- NODE="512"; HOST="silber2"; LOCA="Steinbr"; GPSX="11.3313"; GPSY="50.9934"; MAIL="bla@blub.org"; PHON="0110/123456"; MENU="expert"; GOGO="Übernehmen"
- mit eval wird das ganze dann uebernommen und steht zur Verfuegung