[sword-devel] diatheke security
Eeli Kaikkonen
eekaikko at mail.student.oulu.fi
Wed Feb 7 02:40:47 MST 2007
On Wed, 7 Feb 2007, Linas S. wrote:
> > You should quote the search key like the perl cgi script does (iirc)
> > e.g. diatheke -b KJV -s phrase -k 'Jesus; ls /etc'
>
> Yes, I did that. But I was not sure if it completely solves the problem.
If the user then writes ';ls /etc' it will become ...-k '';ls /etc'' and
the quoting is useless.
Different languages and libraries may have solutions for removing
certain characters. I use Python in my JD Bible Bot project and it has
a check like this:
import unicodedata
# ... for each letter of the user-supplied key:
lettercat = unicodedata.category(unichr(ord(letter)))
if lettercat not in ['Ll', 'Lu', 'Nd'] and letter not in '-:. ':
    return('[...]Alphanumeric characters, space and -:. are allowed.')
The idea is that the Python library has code which checks a letter; here it
must be a Unicode alphabetic letter or number. -:. are of course also
allowed for keys. (This is for Bible verse keys, not dictionary keys.)
Yours,
Eeli Kaikkonen (Mr.), Oulu, Finland
e-mail: eekaikko at mailx.studentx.oulux.fix (with no x)
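An added example, not code from the sword-devel thread or from the JD Bible Bot project, that shows the points of the message above in runnable Python 3: the naive single-quote wrapping broken by a key that contains its own quote, the same command line quoted with shlex.quote, an argv list that avoids the shell altogether, and the Unicode-category allowlist generalised from the snippet. The command name diatheke and its -b/-s/-k options are taken from the thread; the key strings, the helper names and the minimal quote scanner are constructed for this example and are not part of any project.

```python
"""Added example: why wrapping a user-supplied key in single quotes is
not enough, and three safer alternatives.  Not code from the thread."""
import shlex
import subprocess
import unicodedata

# Constructed inputs: the attacker key from the thread and a harmless one.
EVIL_KEY = "';ls /etc'"
GOOD_KEY = "Jesus wept"


def naive_command(key):
    """The quoting discussed in the thread: wrap the key in single quotes
    and hand the whole string to a shell (os.system / shell=True)."""
    return "diatheke -b KJV -s phrase -k '" + key + "'"


def quoted_command(key):
    """Same command line quoted with shlex.quote, which rewrites each
    embedded ' as '"'"' so the key can never close its own quotes."""
    return "diatheke -b KJV -s phrase -k " + shlex.quote(key)


def argv_for(key):
    """Preferred fix: build an argv list and never start a shell.  With
    subprocess.run(argv) (default shell=False) the key reaches diatheke as
    one argument, metacharacters and all, so there is nothing to quote."""
    return ["diatheke", "-b", "KJV", "-s", "phrase", "-k", key]


def run_search(key):
    """Run the search without a shell.  Requires diatheke on PATH, so the
    demo below only builds the argv and does not call this."""
    return subprocess.run(argv_for(key), capture_output=True, text=True)


def metachars_outside_quotes(cmdline, metachars=";|&`$<>"):
    """Return the shell metacharacters a POSIX shell would interpret in
    cmdline.  Minimal scanner (hypothetical helper): tracks single and
    double quotes only, no backslash escapes, which is enough for the two
    builders above.  Inside double quotes only $ and ` stay live."""
    in_single = in_double = False
    found = []
    for ch in cmdline:
        if in_single:
            if ch == "'":
                in_single = False
        elif in_double:
            if ch == '"':
                in_double = False
            elif ch in "$`":
                found.append(ch)
        elif ch == "'":
            in_single = True
        elif ch == '"':
            in_double = True
        elif ch in metachars:
            found.append(ch)
    return found


def validate_key(key, extra_allowed="-:. "):
    """Allowlist check generalised from the post's snippet: every
    character must be a Unicode letter or decimal digit (categories Ll,
    Lu, Nd) or one of the few punctuation characters verse keys need.
    Returns None when the key is acceptable, otherwise an error string."""
    for letter in key:
        if (unicodedata.category(letter) not in ("Ll", "Lu", "Nd")
                and letter not in extra_allowed):
            return ("Alphanumeric characters, space and %s are allowed."
                    % extra_allowed.strip())
    return None


if __name__ == "__main__":
    for key in (GOOD_KEY, EVIL_KEY):
        print(repr(key))
        for label, cmd in (("naive ", naive_command(key)),
                           ("quoted", quoted_command(key))):
            print("  %s: %s  -> live metachars: %r"
                  % (label, cmd, metachars_outside_quotes(cmd)))
        print("  argv  : %r" % argv_for(key))
        print("  allowlist: %r" % validate_key(key))
```

The scanner is only there to make the difference visible without running a shell: for the attacker key the naive line carries a live ";" while the shlex.quote line carries none. Of the three fixes, the argv list is the one to prefer, since it removes the shell and therefore the whole class of quoting mistakes; the allowlist is still worth keeping as a second layer because diatheke's own key syntax, not just the shell, receives whatever is passed through.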