Overview
Comment: | Require that all POST parameters have lower-case alphanumeric names. Ignore any POST parameter that has upper-case letters or special characters in its name. See forum post 5220ee9ac0. |
---|---|
SHA3-256: | 27c4c3a75ef1944f99895f3578158193 |
User & Date: | drh 2021-11-26 12:23:25.066 |
Context
2021-11-26
12:27 | Update the built-in SQLite to the latest 3.37.0 beta. (check-in: 66bdd66cee user: drh tags: trunk) | |
12:23 | Require that all POST parameters have lower-case alphanumeric names. Ignore any POST parameter that has upper-case letters or special characters in its name. See forum post 5220ee9ac0. (check-in: 27c4c3a75e user: drh tags: trunk) | |
2021-09-20
12:10 | Enhance the wapp-reply-code command so that if given the argument of just "ABORT" Wapp will drop the TCP/IP connection without sending any reply at all. (check-in: a8fb6ca1fd user: drh tags: trunk) | |
Changes
Changes to examples/fileupload.tcl.
︙ | ︙ | |||
30 31 32 33 34 35 36 37 38 39 40 41 42 43 | } # NB: You must set enctype="multipart/form-data" on your <form> in order # for file upload to work. wapp-trim { <p><form method="POST" enctype="multipart/form-data"> File To Upload: <input type="file" name="file"><br> <input type="checkbox" name="showenv" value="1">Show CGI Environment<br> <input type="submit" value="Submit"> </form></p> <p><a href='%html([wapp-param SCRIPT_NAME])/self'>Show the script that generates this page</a></p> } # Ordinary query parameters come through just like normal if {[wapp-param showenv 0]} { | > > > > | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | } # NB: You must set enctype="multipart/form-data" on your <form> in order # for file upload to work. wapp-trim { <p><form method="POST" enctype="multipart/form-data"> File To Upload: <input type="file" name="file"><br> <input type="checkbox" name="showenv" value="1">Show CGI Environment<br> <input type="hidden" name="PARAM1" value="Post parameter with non-lowercase names are suppressed"> <input type="hidden" name="param2.value" value="Post parameters with non-lowercase names are suppressed"> <input type="submit" value="Submit"> </form></p> <p><a href='%html([wapp-param SCRIPT_NAME])/self'>Show the script that generates this page</a></p> } # Ordinary query parameters come through just like normal if {[wapp-param showenv 0]} { |
︙ | ︙ |
Changes to wapp.tcl.
︙ | ︙ | |||
594 595 596 597 598 599 600 | while {[string length $body]} { set idx [string first $divider $body] set unit [string range $body 0 [expr {$idx-3}]] set body [string range $body [expr {$idx+$ndiv+2}] end] if {[regexp {^Content-Disposition: form-data; (.*?)\r\n\r\n(.*)$} \ $unit unit hdr content]} { if {[regexp {name="(.*)"; filename="(.*)"\r\nContent-Type: (.*?)$}\ | | > | > | 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 | while {[string length $body]} { set idx [string first $divider $body] set unit [string range $body 0 [expr {$idx-3}]] set body [string range $body [expr {$idx+$ndiv+2}] end] if {[regexp {^Content-Disposition: form-data; (.*?)\r\n\r\n(.*)$} \ $unit unit hdr content]} { if {[regexp {name="(.*)"; filename="(.*)"\r\nContent-Type: (.*?)$}\ $hdr hr name filename mimetype] && [regexp {^[a-z][a-z0-9]*$} $name]} { dict set wapp $name.filename \ [string map [list \\\" \" \\\\ \\] $filename] dict set wapp $name.mimetype $mimetype dict set wapp $name.content $content } elseif {[regexp {name="(.*)"} $hdr hr name] && [regexp {^[a-z][a-z0-9]*$} $name]} { dict set wapp $name $content } } } } } } |
︙ | ︙ |
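Review bot: In examples/fileupload.tcl, the value text of the new hidden input `param2.value` calls the name "non-lowercase", but that name is entirely lower-case and is rejected because of the dot. Suggest wording both values along the lines of "POST parameters whose names contain upper-case letters or special characters are suppressed", which also fixes the singular "Post parameter ... are" in the `PARAM1` value. A short Tcl comment above the two inputs saying they exist to demonstrate the suppression would help readers of the example, since nothing in the form explains why they are there.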
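Review bot: In wapp.tcl, the name check `[regexp {^[a-z][a-z0-9]*$} $name]` is written out twice, once in the `filename=` branch and once in the `elseif` branch, and neither copy has a comment. Suggest keeping the pattern in one place (a variable or a small helper proc) so the two branches cannot drift apart, and adding a comment that non-matching parameters are dropped silently. The comment could also record the reason visible here: `$name.filename`, `$name.mimetype` and `$name.content` are derived keys in the same `wapp` dict, so a field name containing a dot could otherwise collide with them. Note that the pattern also rejects underscores, hyphens and names starting with a digit, so forms using a name such as `user_name` lose that field with no error; that is worth stating in the documentation.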