Friday, September 19, 2008

URL entities

<img src="http://www.workzonesafety.org/images/logobanner.jpg" />

%3Cimg+src%3Dhttp%3A%2F%2Fwww%2Eworkzonesafety%2Eorg%2Fimages%2Flogobanner%2Ejpg%3E

Monday, September 08, 2008

Right-brained Programming Guide

This has to be the most right-brained programming guide in the universe:

why's (poignant) guide to ruby


Why the lucky stiff uses these hilarious cartoons and stories to motivate his exposition. Why uses wild (dare I say poignant) metaphors as mnemonics for syntax rules.
E.g.:

Arrays

An array is a list surrounded by square brackets and separated by commas.

[1, 2, 3] is an array of numbers.

['coat', 'mittens', 'snowboard'] is an array of strings.

Think of it as a caterpillar which has been stapled into your code. The two square brackets are staples which keep the caterpillar from moving, so you can keep track of which end is the head and which is the tail. The commas are the caterpillar’s legs, wiggling between each section of its body.

Once there was a caterpillar who had commas for legs. Which meant he had to allow a literary pause after each step. The other caterpillars really respected him for it and he came to have quite a commanding presence. Oh, and talk about a philanthropist! He was notorious for giving fresh leaves to those less-fortunate.

Yes, an array is a collection of things, but it also keeps those things in a specific order.

Thursday, September 04, 2008

Once again, XSS vulnerabilities, and cool grep flags

My colleague, Jonathan Felder, has a talent for catching me out on XSS vulnerabilities in my PHP code (not using htmlspecialchars() on form inputs that are displayed as HTML).

Once again, when I asked an unrelated question about one of my scripts, he entered an <img> tag in a text field...and the image shows in the results page! Dang!

I fixed that one, but now I'm paranoid, so I'm going to check every form on our site.

To find them, I grep'd for all instances of _REQUEST, _GET and _POST on the site, and learned some new uses for flags in grep:

[steve@www]$ grep -l -r -F '_REQUEST
> _POST
> _GET
> ' --include=*.php htdocs # returns a list of all php files with one of _REQUEST, _POST, _GET


-F can take a newline-separated list of fixed strings, any of which is to be matched.

-r only works with a directory argument, but you can then filter file-types with the --include=PATTERN flag to "Recurse in directories only searching file[s] matching PATTERN."

-l of course stops searching the file after the first match, and just prints the filename.

Now I can go through the resulting list and check that I'm handling form data OK.
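The grep above, followed by a first-pass check of what it finds, as an added shell example that is not from the post. It builds a small constructed PHP tree (file names and contents are made up for the demo), lists the files that read request data with the same -l -r -F newline-separated pattern, and then flags echo/print lines that output a superglobal without htmlspecialchars() on the same line. One sample file reads $_POST into a variable and prints the variable later; the heuristic deliberately misses that case, which is why the manual review the post ends with still matters.

```shell
#!/bin/sh
# Added example (not the post's own script). Constructed sample site: the
# paths and PHP snippets below exist only for this demo.
make_sample_site() {
  dir=$(mktemp -d)
  mkdir -p "$dir/htdocs/forms"
  # Direct output of a superglobal: line 3 unescaped, line 4 escaped.
  cat > "$dir/htdocs/forms/search.php" <<'EOF'
<?php
$title = "Search";
echo "Results for: " . $_GET['q'];
echo "Results for: " . htmlspecialchars($_GET['q']);
EOF
  # Indirect output: the superglobal is copied to $name and printed later.
  cat > "$dir/htdocs/forms/contact.php" <<'EOF'
<?php
$name = $_POST['name'];
print $name;
EOF
  # No request data at all.
  cat > "$dir/htdocs/about.php" <<'EOF'
<?php
echo "No user input here";
EOF
  # Mentions _REQUEST but is not a .php file, so --include skips it.
  cat > "$dir/htdocs/notes.txt" <<'EOF'
$_REQUEST is mentioned here, but this is not a .php file
EOF
  echo "$dir"
}

# Step 1, the post's grep: every .php file under the directory that contains
# any of the three fixed strings (-F takes a newline-separated list).
list_input_files() {
  grep -l -r -F '_REQUEST
_POST
_GET' --include='*.php' "$1" | sort
}

# Step 2, a first-pass heuristic: echo/print lines that mention a superglobal
# and have no htmlspecialchars() on the same line. Lines that print a variable
# assigned from a superglobal earlier are NOT caught; review those by hand.
flag_unescaped_output() {
  grep -r -n -E '(echo|print)[[:space:]].*\$_(GET|POST|REQUEST)' --include='*.php' "$1" \
    | grep -v 'htmlspecialchars' | sort
}

# Stand-alone run: build the sample tree, print both reports, clean up.
site=$(make_sample_site)
echo "== files reading request data =="
list_input_files "$site/htdocs"
echo "== output statements without htmlspecialchars() on the line =="
flag_unescaped_output "$site/htdocs"
rm -rf "$site"
```

Quoting --include='*.php' keeps the shell from expanding the glob against the current directory before grep sees it. On the sample tree, step 1 lists contact.php and search.php (about.php has no superglobals and notes.txt is filtered out), and step 2 flags only search.php line 3; contact.php stays in the step-1 list precisely so that its indirect print gets a human look.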