Re: guestbook script is still vulnerable under apache

From: Andru Luvisi (luvisiat_private)
Date: Thu Jun 25 1998 - 15:59:26 PDT

    On Thu, 25 Jun 1998, Theo Van Dinter wrote:
    [snip]
    > I don't use the program in question so I can't pass this on to the author, but
    > here is a replacement for that "bad" line that will handle all (to my
    > knowledge) SSI's including malformed ones:
    >
    >     $value=~s{
    >         <!                  # Comments start with <!
    >         ([^<>]|<[^<>]+>)*   # Remove anything in between, including
    >                             # the non-spec'ed included tags ...
    >         >                   # End of the comment.
    >     }{}gsx;                 # Replace with Nothing
    >
    >
    > This replaces <! ... >, including "not correct" commented-out tags.
    > Works great in a little web spider I wrote.
    
    I'm not convinced this is a complete solution:
    andru:~$ cat sub.pl
    #!/usr/bin/perl -p
    
         s{
             <!                  # Comments start with <!
             ([^<>]|<[^<>]+>)*   # Remove anything in between, including
                                 # the non-spec'ed included tags ...
             >                   # End of the comment.
         }{}gsx;                 # Replace with Nothing
    
    
    andru:~$ perl sub.pl
    <<!>!--#exec #cmd="/bin/echo foo">
    <!--#exec #cmd="/bin/echo foo">
    andru:~$
    
    
    perhaps something like:
     while($value =~ /<!/) {
       ...
     }
    
    would be better...
    
    though I agree that the "correct" solution is to simply configure your
    server so that it doesn't parse the guestbook.
    
    andru
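
The single-pass failure from the sub.pl transcript, next to the repeat-until-stable loop the post suggests, as an added example (not code from either poster). The function names are hypothetical, the second input is constructed, and `escape_markup` is an alternative this example assumes rather than one proposed in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern quoted in the thread, unchanged.
my $COMMENT = qr{
    <!                  # Comments start with <!
    ([^<>]|<[^<>]+>)*   # Anything in between, including nested tags
    >                   # End of the comment
}sx;

# One global pass, as in sub.pl: text on either side of a removed match
# can join up into a new "<!...>" that this pass never rescans.
sub strip_once {
    my ($value) = @_;
    $value =~ s/$COMMENT//g;
    return $value;
}

# The while-loop idea: repeat until the pattern no longer matches.
# Each successful pass deletes at least three characters, so it terminates.
sub strip_until_stable {
    my ($value) = @_;
    1 while $value =~ s/$COMMENT//g;
    return $value;
}

# Assumption, not from the thread: encode instead of delete, so the
# stored entry contains no literal "<" or ">" at all.
sub escape_markup {
    my ($value) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;');
    $value =~ s/([&<>])/$entity{$1}/g;
    return $value;
}

# First input is the one from the post; the second is constructed.
my @inputs = (
    '<<!>!--#exec #cmd="/bin/echo foo">',
    'Nice site! <!-- hidden --> See you.',
);

for my $in (@inputs) {
    print "input : $in\n";
    print "once  : ", strip_once($in), "\n";
    print "stable: ", strip_until_stable($in), "\n";
    print "escape: ", escape_markup($in), "\n\n";
}
```

For the input from the post, `strip_once` returns the reassembled `<!--#exec ...>` tag, while `strip_until_stable` returns an empty string.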
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:38 PDT