[AWS] Relative links

anders.wirzenius@wartsila.com anders.wirzenius@wartsila.com
Thu, 11 Dec 2003 09:47:18 +0200

Previous message: [AWS] Cheap Linux AWS Hosting provider
Next message: [AWS] beginning AWS problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Darren New [mailto:dnew@san.rr.com] wrote:

> anders.wirzenius@wartsila.com wrote:
> > <img src=3D"/display_image?img=3Dicons/adains.gif">
> > where
> > display_image ::=3D (in runme_CB.adb)
> > ...
> >       elsif URI =3D "/display_image" then
> >          return Response.File=20
> >             (Content_Type  =3D> "image/png",
> >              Filename      =3D> Parameters.Get(P_List, "img")
> >              );
> > ...
>=20
> You also need to be careful with code like this that you don't have=20
> someone doing something like http://display_image?img=3D/etc/passwd
>=20
> Checking that Parameters.Get(P_List, "img") is a valid string=20
> (only one=20
> period, ends in ".gif", starts with "icons", etc) is a good idea.
>=20

I don=B4t at present work on a _n_x, but on WinXP, but you are right, it =
is possible to display a text file using ... Content_Type =3D> =
"image/png", Filename =3D> <text file>.

Thanks for the hint.=20

Anders

Previous message: [AWS] Cheap Linux AWS Hosting provider
Next message: [AWS] beginning AWS problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]