[AWS] Relative links

Pascal Obry p.obry@wanadoo.fr
Fri, 5 Dec 2003 19:06:50 +0100

Previous message: [AWS] Relative links
Next message: [AWS] Cheap Linux AWS Hosting provider
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Darren,

 > anders.wirzenius@wartsila.com wrote:
 > > <img src="/display_image?img=icons/adains.gif">
 > > where
 > > display_image ::= (in runme_CB.adb)
 > > ...
 > >       elsif URI = "/display_image" then
 > >          return Response.File 
 > >             (Content_Type  => "image/png",
 > >              Filename      => Parameters.Get(P_List, "img")
 > >              );
 > > ...
 > 
 > You also need to be careful with code like this that you don't have 
 > someone doing something like
 > http://display_image?img=/etc/passwd
 > 
 > Checking that Parameters.Get(P_List, "img") is a valid string (only one 
 > period, ends in ".gif", starts with "icons", etc) is a good idea.

Indeed, it is recommended to always use "WWW_Root & Filename". See AWS.Config
to get the WWW_Root value and the corresponding documentation on how working
with the configuration files.

For example see how AWS.Services.Page_Server is implemented.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|         http://perso.wanadoo.fr/pascal.obry
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

Previous message: [AWS] Relative links
Next message: [AWS] Cheap Linux AWS Hosting provider
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]