08-24-2008
Shell script is kind of brittle when it comes to proper quoting of user-specified arguments etc so you need to be really careful here. Perhaps wrapping the call in PHP is not such a bad idea (although PHP too has a bit of a track record when it comes to security problems .... /me ducks) and make really really sure you use proper quoting everywhere in the script and in everything which invokes it. And keep in mind that security checks in JavaScript are ineffective; somebody could simply be connecting directly to the CGI script, without going through your form (or with JavaScript disabled).
As such, it's not very hard to split on & with IFS='&'.
IFS=& query_string - Google Search brings up some matches but I would regard all of them with extreme suspicion. If you see a variable interpolation without double quotes around it, run away.
Last edited by era; 08-24-2008 at 02:13 PM..
Reason: Note that JavaScript input checking is ineffective
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi, i got this script but when i hit reset i loose the times in the form box. Can someone please edit this script so when i hit reset i dont loose the times in the form box's and also have a button to reset everything, including the form boxs
<script language="javascript">
// stopwatch... (1 Reply)
Discussion started by: perleo
1 Replies
2. Shell Programming and Scripting
All
I want to call a KORN shell script inside a javascript. Is it possible ? Please
help me to do this. I want to return or read from shell script in javascript.
Thanx in advance
Regards
Deepak Xavier (1 Reply)
Discussion started by: DeepakXavier
1 Replies
3. Shell Programming and Scripting
i want use ssh on the host01 to execute autoexec.sh on the host02 like following :
host01> ssh host02 autoexec.sh
autoexec.sh include nohup command like follwing :
nohup /home/jack/deletedata.sh &
after i execute ssh host02 autoexec.sh one the host01. i can't found deletedata.sh... (1 Reply)
Discussion started by: orablue
1 Replies
4. Web Development
I am just wondering why do programmers are using this when programming the web? When you making a joomla templates and the more focus in your mind is to target the search engines then java is very important.Not to use that. (2 Replies)
Discussion started by: Anna Hussie
2 Replies
5. Shell Programming and Scripting
<html>
<head>
<title>Weather & Aviation Page - METAR decoder</title>
<meta name="Title" content="Weather & Aviation Page - METAR decoder">
<meta name="Keywords" content="METAR decoder">
<meta name="Publisher" content="SkyStef">
<meta name="Description" content="SkyStefs weather and aviation... (4 Replies)
Discussion started by: anuajay1988
4 Replies
6. Shell Programming and Scripting
Hi
Need help...I have wrritten one code for html through shell scripting in that i am using java scripts to validate some condition and open the html page without clicking the button....
Code Details
echo "<script type="text/javascript">"
echo "function exec_refresh()"
echo "{"
... (4 Replies)
Discussion started by: l_gshankar24
4 Replies
7. Shell Programming and Scripting
I have a shell script (.sh) and I want to pass a parameter value to the awk command but I am getting exception, please assist.
diff=$1$2.diff
id=$2 new=new_$diff
echo "My id is $1"
echo "I want to sync for user account $id"
##awk command I am using is as below
cat $diff | awk... (2 Replies)
Discussion started by: Ashunayak
2 Replies
8. Web Development
I have found this bit of code that nearly does what I want.
Basically 3 input fields, I want to copy t2 to t3 as it's typed but only if t1 contains data AND t3 is empty:
<input type="text" id="t1" />
<input type="text" id="t2" />
<input type="text" id="t3" />
<script> var t2 =... (4 Replies)
Discussion started by: barrydocks
4 Replies
9. Shell Programming and Scripting
Dear Unix gurus,
We have a config shell script file which has 30 variables which needs to be passed to master unix shell script that invokes oracle database sessions. So those 30 variables need to go through the database sessions (They are inputs) via a shell script. one of the variable name... (1 Reply)
Discussion started by: dba1981
1 Replies
10. Shell Programming and Scripting
I want to navigate through a webpage and save that page in my system local automatically. How can I do that by using JavaScript in a Unix shell script. Any suggestions are welcome! (3 Replies)
Discussion started by: abhi3093
3 Replies