Re: PATCH: faxsurvey

From: Sir Syko (sirsykoat_private)
Date: Tue Aug 04 1998 - 10:07:04 PDT

Next message: RSI Advise: "RSI.0007.05-26-98.SUN.LIBAUTH"

Previous message: Ernie Souhrada: "Re: Object tag and stack overflow on IE 4.0"
Maybe in reply to: Tom: "PATCH: faxsurvey"
Next in thread: Illuminatus Primus: "Re: PATCH: faxsurvey"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hi.
>
> Here comes the patch for the 'faxsurvey' cgi-script.
> The problem is the quotation marks for the 'eval' command.
> Will they ever learn?
>
> Don't forget to remove/chown 'faxsurvey.orig' after patching.
>
> Cheers
>         Tom

how does your "patch" do anything except break the cgi? You are telling perl to
eval the ECHO command which doesnt exist. Also, the quotes still arent properly
terminated.

> +eval "ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
>

should you not make this:

eval "$ECHO \'$QUERY_STRING\' | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"

which will pass the single quotes to the shell, telling it that this string
should be literal?  Even better would be to pass the string through a filter
that strips nasty characters.

Adam

Next message: RSI Advise: "RSI.0007.05-26-98.SUN.LIBAUTH"
Previous message: Ernie Souhrada: "Re: Object tag and stack overflow on IE 4.0"
Maybe in reply to: Tom: "PATCH: faxsurvey"
Next in thread: Illuminatus Primus: "Re: PATCH: faxsurvey"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:14 PDT