----- Original Message ----- From: "Earle Martin" openguides@downlode.org To: "OpenGuides software developers" openguides-dev@openguides.org Sent: 19 May 2005 01:40 Subject: Re: [OpenGuides-Dev] toxic XML URIs
On Tue, May 17, 2005 at 06:27:32AM +0100, IvorW wrote:
I should add that newpage.cgi needs to be patched to strip them out, and index.cgi should probably bring up an error if you try to edit a page with a bad character (like '%A0', which I just found in a node name) in the name of the node.
Sounds like a job to do in the untaint routine inside newpage.cgi. Presuming that newpage.cgi works with taint mode. ???
Actually, it doesn't at the moment. I've made a start however at stripping out badness; it's actually running live as http://london.openguides.org/newpage.cgi (code: newpage.txt in same dir).
There is a nice example using a regex to untaint in Ovid's CGI course: http://users.easystreet.com/ovid/cgi_course/lessons/lesson_three.html