I'm designing a webserver as my first project in Ruby
I need help with this line
  fileLine.sub(/\.\.\//, '')
this is to remove any "../" that occur due to users trying to break in,
or by accident
However, this only removes the first instance of "../"; how do I remove
every instance?
Many thanks
Stuart
On 6/5/06, Stuart B. wrote:
However, this only removes the first instance of "../"; how do I remove
every instance?
I think you’re looking for gsub.
Cheers,
Ed
Meet "Tu psicópata favorito" http://tuxmaniac.blogspot.com
Thou shalt study thy libraries and strive not to reinvent them without
cause,
that thy code may be short and readable and thy days pleasant and
productive.
– Seventh commandment for C programmers
Hi Stuart,
not sure if it is a good idea to handle security on this level, but
you can try gsub instead of sub to replace all occurrences.
Cheers,
Mariano
Thanks all, this worked fine
  def self.path(path)
    fileLine = path[1].strip
    fileLine = fileLine.gsub(/\.\//, '')     # remove "./"
    fileLine = fileLine.gsub(/\/\./, '')     # remove "/."
    fileLine = fileLine.gsub(/\\/, '')       # remove backslashes
    fileLine = fileLine.gsub(/\.{2,}/, '')   # remove runs of two or more dots
    fileLine = fileLine.gsub(/\/{2,}/, '')   # remove runs of two or more slashes
    fileLine = "/srv/www/htdocs/" + fileLine
    return fileLine
  end
Is there a way of making it look prettier?
I'm trying to stop people using the address bar to access parts of the
system they should not
Many thanks all
Stuart
On Jun 5, 2006, at 10:45 AM, Stuart B. wrote:
return fileLine
end
Is there a way of making it look prettier?
I'm trying to stop people using the address bar to access parts of the
system they should not
Many thanks all
Stuart
  def self.path(path)
    fileLine = path[1].strip   # same starting value as in the original method
    [/\.\//, /\/\./, /\\/, /\.{2,}/, /\/{2,}/].each do |exp|
      fileLine.gsub!(exp, '')
    end
    "/srv/www/htdocs/" + fileLine
  end
On Jun 5, 2006, at 9:45 AM, Stuart B. wrote:
return fileLine
end
Is there a way of making it look prettier?
Perhaps:
  def self.path(path)
    path.first.strip.
      gsub(…).
      gsub(…).
      …
  end
Again, Ruby naming conventions are file_line, not fileLine. Have to
start adopting typical Ruby style so you can get Rubyists interested
in your web server.
James Edward G. II
Stuart B. wrote:
return fileLine
end
Is there a way of making it look prettier?
I'm trying to stop people using the address bar to access parts of the
system they should not
In addition to what others have said, have a look at File.expand_path.
Stuart B. wrote:
Is there a way of making it look prettier?
I'm trying to stop people using the address bar to access parts of the
system they should not
Stuart,
why do you try to solve this problem on the string level?
Wouldn’t it make more sense to rely on the OS authorization scheme?
On Unix you can set permissions on files and directories. You can also
start a server using chroot so that nobody can break out (i.e. go up) of
the designated directory/sandbox.
If you go for the string way, you might need to check whether different
encodings of URIs can bust your regexps.
Cheers,
Mariano
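The File.expand_path suggestion and the encoding caveat above can be combined into a containment check: normalise the requested path and then verify the result is still under the document root, instead of stripping "../" patterns. This is an added example, not code from the thread; it reuses the thread's /srv/www/htdocs as root, and resolve_under_root, percent_decode and the sample request paths are constructed for illustration.

```ruby
# Document root used in the thread.
DOC_ROOT = '/srv/www/htdocs'

# Decode %XX escapes exactly once. A second layer (%252e) stays a literal
# "%2e" in the file name, which the filesystem will not interpret.
def percent_decode(str)
  str.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
end

# Map a request path to an absolute file path under +root+, or return nil
# when the resolved path would lie outside it. File.expand_path collapses
# ".", ".." and repeated slashes; the containment test runs on its output.
def resolve_under_root(request_path, root = DOC_ROOT)
  root = File.expand_path(root)
  decoded = percent_decode(request_path).gsub('\\', '/')
  return nil if decoded.include?("\0")      # NUL would truncate a C path
  # Drop leading slashes so the path is interpreted relative to root;
  # an absolute argument makes expand_path ignore +root+ entirely.
  relative = decoded.sub(%r{\A/+}, '')
  candidate = File.expand_path(relative, root)
  return nil unless candidate == root || candidate.start_with?(root + '/')
  candidate
rescue ArgumentError   # e.g. "~nosuchuser", which expand_path rejects
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request paths, as a server might receive them.
  ['/index.html', '/docs/../about.html', '/./a//b/./c.html',
   '/../../etc/passwd', '/%2e%2e/%2e%2e/secret', '/a\\..\\..\\x',
   '/a%00.html'].each do |req|
    puts "#{req.ljust(24)} -> #{resolve_under_root(req).inspect}"
  end
end
```

Traversal that stays inside the root ("/docs/../about.html") is accepted, while anything that resolves above it, in any of the sampled spellings, returns nil and can be answered with 404 or 403.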
-----Original Message-----
From: [list address] On Behalf Of Stuart B.
Subject: New webserver
I'm designing a webserver as my first project in Ruby
I need help with this line
  fileLine.sub(/\.\.\//, '')
If you want to write an HTTP server, read the HTTP specification and go
from there. Trying to sanitise a URL with regexes WILL leave you with
security holes. If you’re writing anything for which there’s a
specification, read the specification carefully and implement
(preferably test-first) from that. The specification writers are much
smarter than you, and will have thought of many things that you will not
think of until it’s too late.
Regexes are GREAT for all sorts of string manipulation tasks, but they're
the wrong tool for parsing even a mildly complex language. Parse the
input using a proper parser.
That said, as long as you never, ever plan on exposing this thing to the
public internet, have fun learning.
Hi all, not to worry, I'll start a new thread with this one as it's going
off subject
Many thanks
Stuart
Thanks everyone for your help
I have another question: can I use Ruby threads to have more than 1
server process running on the same port?
something like
  require 'socket'

  port = (ARGV[0] || 80).to_i
  server = TCPServer.new('localhost', port)
  threads = []
  10.times do |i|
    threads[i] = Thread.new {
      # each thread blocks in accept; a new connection is handed
      # to exactly one of the waiting threads
      while (session = server.accept)
        puts "Request: #{session.gets}"
        session.print "HTTP/1.1 200 OK\r\nContent-type: text/html\r\n\r\n"
        session.print "#{Time.now}\r\n"
        session.close
      end
    }
  end
  threads.each { |t| t.join }   # keep the main thread alive, or the process exits at once
Would this produce 10 processes that could take independent connections?