[AWS] Relative links

Darren New dnew@san.rr.com
Fri, 05 Dec 2003 08:05:54 -0800

Previous message: [AWS] Relative links
Next message: [AWS] Relative links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

anders.wirzenius@wartsila.com wrote:
> <img src="/display_image?img=icons/adains.gif">
> where
> display_image ::= (in runme_CB.adb)
> ...
>       elsif URI = "/display_image" then
>          return Response.File 
>             (Content_Type  => "image/png",
>              Filename      => Parameters.Get(P_List, "img")
>              );
> ...

You also need to be careful with code like this that you don't have 
someone doing something like
http://display_image?img=/etc/passwd

Checking that Parameters.Get(P_List, "img") is a valid string (only one 
period, ends in ".gif", starts with "icons", etc) is a good idea.

-- 
Darren New, San Diego CA USA (PST)
The standard of success is not perfection.
The standard of success is the alternative.

Previous message: [AWS] Relative links
Next message: [AWS] Relative links
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]