PerlMonks  

Re^8: somethign wrong with the sumbit

by Nik
on Jan 07, 2008 at 20:46 UTC (#660938=note)


in reply to Re^7: somethign wrong with the sumbit
in thread somethign wrong with the sumbit

I tried to read it, but so much of it made so little sense and was frankly erroneous. The only explanation I can imagine is that the code actually working on your website now is not the same as the code you posted.
No, I wasn't. unless ( grep /^\Q$_\E$/, @menu_files ) works normally without me setting $_ to something (maybe it holds the value of the parameter select that I am checking with if right above this line?)
Anyway, before I saw your post I switched it to unless( grep /^\Q$article\E$/, @menu_files ) to be logical.

I didn't alter anything in the code (in encoding terms); I still think and believe that the original string and the returned one are exactly identical, both in character appearance and in length.

I'll show the code as it is now, so you can see I didn't change a thing...

    # $db, $host and $date are set earlier in index.pl (not shown in this post)
    my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
    my @menu_files = map m{([^/]+)\.txt}, @files;
    Encode::from_to($_, 'ISO-8859-7', 'utf8') for @menu_files;

    print header( -charset=>'utf8' );

    my $article = param('select') || "Αρχική Σελίδα!";

    if ( param('select') ) {   # If the user selected an item from the drop down menu
        unless( grep /^\Q$article\E$/, @menu_files ) {   # Runs when the selection matches none of the valid filenames in @menu_files
            if( param('select') =~ /\0/ ) {
                $article = "*Null Byte Injection* attempted & logged!";
                print br() x 2, h1( {class=>'big'}, $article );
            }
            if( param('select') =~ /\.\.\// ) {
                $article = "*Backwards Directory Traversal* attempted & logged!";
                print br() x 2, h1( {class=>'big'}, $article );
            }
            $select = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
            $select->execute( $article, $date, $host );
            exit 0;
        }

        Encode::from_to($article, 'utf8', 'ISO-8859-7');   # Convert the user selected filename to greek-iso so it can be opened
        open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;
        local $/;   # slurp mode: read the whole file in one go
        $data = <FILE>;
        close FILE;
        Encode::from_to($article, 'ISO-8859-7', 'utf8');   # Convert the user selected filename back to utf8 before inserting into the db
        $select = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
        $select->execute( $article, $date, $host );
    }
    else {
        $select = $db->prepare( "SELECT host FROM guestlog WHERE host=?" );
        $select->execute( $host );
        if ($select->rows) {
            $select = $db->prepare( "SELECT host, DATE_FORMAT(date, '%a %d %b, %h:%i') AS date, counter, article FROM guestlog WHERE host=?" );
            $select->execute( $host );
            $row = $select->fetchrow_hashref;
            $data = "Καλώς ήλθες $host!
    Χαίρομαι που βρίσκεις την σελίδα ενδιαφέρουσα.
    Τελευταία φορά ήρθες εδώ ως $row->{host} στις $row->{date} !
    Προηγούμενος αριθμών επισκέψεων => $row->{counter}
    Τελευταία είδες το κείμενο [ $row->{article} ]
    Ποιό κείμενο θα μελετήσεις αυτήν την φορά !?";
            $select = $db->prepare( "UPDATE guestlog SET date=?, counter=counter+1 WHERE host=?" );
            $select->execute( $date, $host );
        }
        else {
            if ($host eq "Administrator") {
                $data = "Γειά σου Νικόλα! Πώς πάνε τα κέφια? ;-)";
            }
            else {
                $data = "Γειά σου $host! Έρχεσαι για 1η φορά εδώ !!
    Ελπίζω να βρείς τα κείμενα ενδιαφέροντα :-)";
            }
            unless ($host eq "Administrator") {
                $select = $db->prepare( "INSERT INTO guestlog (host, date, article, counter) VALUES (?, ?, ?, ?)" );
                $select->execute( $host, $date, $article, 1 );
            }
        }
    }

    for ($data) {   # Escape newlines and single & double quotes so the JavaScript side receives them literally
        s/\n/\\n/g;
        s/'/\\'/g;
        s/"/\\"/g;   # was s/"/\"/g, which replaced a quote with itself; the replacement needs an escaped backslash
        tr/\cM//d;
    }
except the last statement (which you found silly), so the JavaScript file responsible for displaying the file's contents can understand it correctly and not be misled by single and double quotes; that's why I am escaping them. If I don't, some of my articles could have been displayed (the ones without quoting data), but the rest, the majority, not.

I decided to try, as far as I could, to make a single test script, which I actually embedded into my index.pl file, to PROVE TO YOU my initial guess that there was no need for us to NOT expect the returned string to be the same as the original, hence no encoding being necessary. Here it is:

    if ( param('select') ) {   # If the user selected an item from the drop down menu
        unless( grep /^\Q$article\E$/, @menu_files ) {   # Unless the user selection matches one of the valid filenames within @menu_files
            ......
        }
    }
    print param('select'), ' - ', length( param('select') ), br() x2;
    foreach( @menu_files ) {
        my $match = ($_ eq param('select')) ? "matches" : "fails to match";
        print $_, ' - ', length( $_ ), ' - ', $match, br;
    }
    Encode::from_to($article, 'utf8', 'ISO-8859-7');
    open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;
    ........
As you can see I am checking the returned parameter against @menu_files to see whether, when I print them, they look the same and, when I also print their lengths, they are equal.

The result is that the parameter string is identical to its corresponding item inside @menu_files.
Both strings are perl-internal utf8 flagged strings, because when I print their lengths I get a number twice as much as the chars that make up the filename. For example, if a filename is called "νίκος" I get length 10 before and after the submission, which means that both are stored in a utf8 perl-internal manner.

So, after this I gather you agree with me that no encoding/decoding processes are necessary (it is still a mystery why the strings weren't matching for some days, apart from the other problem I had with $data). As you can see above, I didn't change the code from the day I created this thread until now, except an else block. True?

ps1: Also you owe me an apology for the fact that you said in your previous reply that I don't use your suggestion as I take it but make up things from my mind and alter stuff. I hope you noticed that even if I changed it to better fit my program, the functionality remained the same. I am talking about using $article in decode instead of $selected_file (see previous post). You didn't mention anything about that.... but as you see both ways worked the same.
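An added example, not code from this thread, showing what Perl's length() and utf8 flag report for the UTF-8 byte strings compared in the post versus the same names after decode(), and the whitelist check run on the decoded text. The filename "νίκος" and its byte values are a constructed sample; the data/text/ path is taken from the post.

```perl
#!/usr/bin/perl
# Added example (not from the thread): byte strings vs decoded characters
# for the menu filename check. "νίκος" is a constructed sample name.
use strict;
use warnings;
use Encode qw(decode encode from_to);

# "νίκος" as the filesystem delivers it (ISO-8859-7 bytes) and as the
# browser submits it (UTF-8 bytes).
my $iso_name  = "\xED\xDF\xEA\xEF\xF2";
my $form_name = "\xCE\xBD\xCE\xAF\xCE\xBA\xCE\xBF\xCF\x82";

# Step 1: from_to() as used in index.pl. The result is still a byte
# string: length 10 and utf8 flag off, because each Greek letter is
# two bytes in UTF-8.
my $menu_name = $iso_name;
from_to($menu_name, 'ISO-8859-7', 'utf8');
printf "from_to  : length=%d utf8_flag=%d\n",
    length($menu_name), utf8::is_utf8($menu_name) ? 1 : 0;

# Two UTF-8 byte strings with identical bytes compare equal, which is
# why the test script in the post reports "matches" with no decode().
printf "bytes eq : %s\n",
    $menu_name eq $form_name ? 'matches' : 'fails to match';

# Step 2: decode() both sides into characters: length 5, flag on.
my @menu_files = map { decode('UTF-8', $_) } ($menu_name);
my $article    = decode('UTF-8', $form_name);
printf "decoded  : length=%d utf8_flag=%d\n",
    length($article), utf8::is_utf8($article) ? 1 : 0;

# Step 3: whitelist check on characters. Only an exact menu entry
# passes, so a null byte or "../" in the parameter never reaches open().
if ( grep { $_ eq $article } @menu_files ) {
    # encode() yields the ISO-8859-7 filename for open() without
    # converting $article in place and back again.
    my $path = "data/text/" . encode('ISO-8859-7', $article) . ".txt";
    print "would open: $path\n";
}
else {
    print "rejected: not a menu file\n";
}
```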

