We have a problem in a specific server. All plus signs posted to the application are replaced with spaces - that's in POST and GET, and on all pages on that site.
As a test case I have this little page (it's an ASP server):
<html>
<body>
<form method="post">
<input type="text" name="Plus" id="Plus" />
<input type="submit" />
</form>
Previous Value: <%= request("Plus") %><br />
Query String: <%= request.querystring %>
</body>
</html>
On every other server this works well, but on one server pluses are replaced with spaces.
Example: for the input "1 2+3" - request("Plus") is "1 2 3", and the Query String is "1+2+3". No good. Other characters seem to be decoding correctly.
It should be said someone had tried to 'harden' this server against attacks, so obscure IIS options may be turned on (though we did remove the ISAPI filter).
Thanks.
UPDATE:
It turns out there's another filter installed, the SQL Injection Filter ISAPIClipSQLInjection.dll from http://www.codeplex.com/IIS6SQLInjection .
The filter is buggy - it replaces valid characters from POST and GET:
Plus signs are replaced with spaces: "1%2B2" -> "1+2", same as "1 2"
Semicolons are replaced with Commas: "hello;" -> "hello,"
A newer version of the filter (2.0b) does not fix this, but allows excluding certain pages. Since it is installed in production, we decided not to remove the filter; we used JavaScript to change all pluses to "+ " (with space and not a semicolon).
Not the optimal solution, but that's what the boss wanted.
Consider ASCII code. In place of a plus sign, use its ASCII code. It would be chr(43). Both ASP and SQL would understand this.
Here is a table with all ASCII codes.
http://www.asciitable.com/
Well, this also confused me, till I saw this post: Server.URLEncode started to replace blank with plus ("+") instead of percent-20 ("%20")
In short:
RFC-1866 (around 1995) declared that blank " " should be parsed to "+" in the request body.
RFC-3986 (2005, Jan) declared that blank " " should be parsed to "%20".
The ASP framework supports RFC-1866, and sometimes mixes in RFC-3986 (it seems), so the parameter %2b is first converted to + (normal ASCII/urldecode rule), then it is converted to a blank (RFC-1866 rule).
This is my guess; I don't care about old, dead tech. For more details, see
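The double decoding described in this thread, as an added example that is not part of the original posts: it follows the question's value "1 2+3" from the browser to the application, once directly and once through an extra step that resolves %2B too early. The function names and the model of that extra step are assumptions made for illustration.

```javascript
// Added example; the function names and the intermediary model are assumptions.

// Encode one form field the way a browser does: space -> '+', literal '+' -> %2B.
function formEncode(value) {
  return encodeURIComponent(value).replace(/%20/g, '+');
}

// Decode one form field (RFC 1866 rule): '+' means space, then resolve %XX.
function formDecode(raw) {
  return decodeURIComponent(raw.replace(/\+/g, ' '));
}

// Hypothetical model of a component in front of the application that resolves
// %2B in the raw value and hands the result on as if it were still encoded.
function rewriteEncodedPlus(raw) {
  return raw.replace(/%2B/gi, '+');
}

// Follow one value from browser to application; `viaRewrite` adds the extra step.
function trace(value, viaRewrite) {
  const sent = formEncode(value);
  const onWire = viaRewrite ? rewriteEncodedPlus(sent) : sent;
  return { sent, onWire, received: formDecode(onWire) };
}

// Return the values that do not survive the extra decoding step unchanged.
function alteredValues(values) {
  return values.filter((v) => trace(v, true).received !== v);
}

// Constructed sample input; the first value is the one from the question.
const samples = ['1 2+3', 'hello world', 'a+b=c', 'C++'];
for (const v of samples) {
  const direct = trace(v, false);
  const filtered = trace(v, true);
  console.log(JSON.stringify(v), '->', filtered.onWire, '->',
    JSON.stringify(filtered.received),
    direct.received === v ? '(direct path: intact)' : '');
}
console.log('altered:', alteredValues(samples));
```

The intermediate value for the first sample is "1+2+3" and the decoded value is "1 2 3", the same pair the test page in the question displays.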
I have a problem that seems to be caused by resources being called with img tags that look like this:
<img
class="alignnone size-full"
title="some title"
src="https://new.url.com/some.jpeg" alt="" width="612" height="408"
srcset="https://new.url.com/some.jpeg 612w, https://old.url.com/some-300x200.jpg 300w"
sizes="(max-width: 612px) 100vw, 612px">
ProxyHTMLURLMap successfully replaces the first URL within the attribute "srcset" but never more than the first.
I don't see anything in the manual that could address this, any help is much appreciated.
I am interested in any open source Linux compatible solutions even if outside Apache.
Thanks!
I found a limited workaround for this issue.
If each ProxyHTMLURLMap can replace only one matched occurrence, we need to add more directives like that.
ProxyHTMLURLMap "https://old.url.com/" "https://new.url.com/" Rl
ProxyHTMLURLMap " https://old.url.com/" " https://new.url.com/" Rl
ProxyHTMLURLMap ", https://old.url.com/" ", https://new.url.com/" Rl
ProxyHTMLURLMap "w, https://old.url.com/" "w, https://new.url.com/" Rl
These four directives can replace up to 4 instances of https://old.url.com
"R" flag is needed to process regular expressions.
"l" flag is needed to avoid stopping after first (second, third) match occurs.
It seems to work for me.
I am using JSF 2.0 and I have a text field as
<h:form>
<h:inputText value="#{myBean.myValue}" />
<h:commandButton value="Submit" action="#{myBean.printMe()}" />
</h:form>
public void printMe() {
System.out.println("first line==" + myValue + "==");
System.out.println("second line==يشسيبشسيبشسيبشيس==");
}
When I run this project and enter يشسيبشسيبشسيبشيس in textbox, in IDE console I see as below.
INFO: first line==????????????????==
INFO: second line==????????????????==
Any idea why this is happening?
This is caused by using the wrong console encoding.
The line
System.out.println("My Data is " + fullName);
prints to the standard output (stdout). You need to configure it to use UTF-8 as well. Assuming that you're using Eclipse, then you need to change the stdout encoding to UTF-8 by Window > Preferences > General > Workspace > Text File Encoding.
If you're using Netbeans, which I can't answer off the top of my head, head to this answer: hebrew appears as question marks in netbeans, which contains a link to this Netbeans Wiki, which mentions the following:
To change the language encoding for a project:
Right-click a project node in the Projects windows and choose Properties.
Under Sources, select an encoding value from the Encoding drop-down field.
See also:
Unicode - How to get the characters right?
Unrelated to the concrete problem, those lines in the filter are unnecessary
res.setCharacterEncoding("UTF-8");
res.setContentType("text/html;charset=utf-8");
They already default to proper values in the case of JSF2/Facelets. Remove those lines.
If the data comes from a DB, please check the field datatype is nvarchar.
So on the command line in linux I am trying to search some HTML code and print just a dynamic part of the code. For example this code
<p><span class="RightSideLinks">Tel: 090 97543</span></p>
I would just want to print 97543 not the 090. The next time I search the file the code might have changed to
<p><span class="RightSideLinks">Tel: 081 82827</span></p>
And I just want the 82827. The rest of the code stays the same just the phone numbers change.
Can I use grep to do this?
Thanks
Edit:
Would it be possible to use it on this code too?
<tr class="patFuncEntry"><td align="left" class="patFuncMark"><input type="checkbox" name="renew0" id="renew0" value="i1061700" /></td><td align="left" class="patFuncTitle"><label for="renew0"> I just want to print this part. </label>
What changes on that is the record number: p1234567~S0" and the text that I want to print.
One way using GNU grep:
grep -oP '(?<=Tel: .{3} )[^<]+' file.txt
Example contents of file.txt:
<p><span class="RightSideLinks">Tel: 090 97543</span></p>
<p><span class="RightSideLinks">Tel: 081 82827</span></p>
Results:
97543
82827
EDIT:
(?<=Tel: .{3} ) ## This is a positive lookbehind assertion, which to be
## interpreted must be used with grep's Perl regexp flag, '-P'.
Tel: .{3} ## So this is what we're actually checking for; the phrase 'Tel: '
## followed by any character exactly three times followed by a
## space. Since we're searching only for numbers you could write
## 'Tel: [0-9]{3} ' instead.
[^<]+ ## Grep's '-o' flag enables us to return exactly what we want,
## rather than the whole line. Therefore this expression will
## return any character except '<' any number of times.
Putting it all together, we're asking grep to return any character except '<'
any number of times if we can find 'Tel: .{3} ' immediately ahead of it. HTH.
I know that normal script tags can't self close, and I know less of vimscript than I might. I have been working with a custom XML templating language quite similar to HTML, and have been using the HTML mode along with the file ~/.vim/after/syntax/html.vim:
syn region javaScript start=+<is:PageComponents:Script[^>]*>+ keepend end=+</is:PageComponents:Script>+me=s-1 contains=#htmlJavaScript,htmlCssStyleComment,htmlScriptTag,#htmlPreproc
syn region htmlScriptTag contained start=+<is:PageComponents:Script+ end=+>+ contains=htmlTagN,htmlString,htmlArg,htmlValue,htmlTagError,htmlEvent
The problem that I am experiencing is "spillover" of the highlighting region until the end of the file or the next closing script tag.
I have attempted changing start to: +<is:PageComponents:Script[^>]*\(\\\)\#<!>+, and +<is:PageComponents:Script[^>]*[^\\]>+, neither of which make a difference. As far as I understand regexes, the negative lookbehind should have been an ideal solution, and the one character match should have forced the greedy star to back off one character, resulting in failure. Replacing the * with \{-} for ungreedy behavior has the same result. What am I missing?
In case it's relevant, I'm running vim in Cygwin's mintty (type is xterm-256color), shell is bash, color scheme is solarized.
Edit: Adding sample of our markup language
<is:PageComponents:Template title="Page Title" controller="controller">
<is:PageComponents:Script src="/path/jsfile.js" />
<is:PageComponents:Style src="cssfile.css" />
<is:Containers:Box label="Box Label">
<is:DataGridComponents:DataGrid id="data_grid_id" data_provider="data_provider" keep_state="true">
<is:DataGridComponents:DataGridHeader />
<is:DataGridComponents:Columns strip_placeholders="false" id="%%id%%_row">
<is:DataGridComponents:Column header_title="Links Header">
<span class="popup-link popup-link-type1" id="type1_%%id%%">Type 1</span> |
<span class="popup-link popup-link-type2" id="type2_%%id%%">Type 2</span>
</is:DataGridComponents:Column>
<is:DataGridComponents:Column header_title="Data1">%%data1%%</is:DataGridComponents:Column>
<is:DataGridComponents:Column header_title="Data2">%%data2%%</is:DataGridComponents:Column>
</is:DataGridComponents:Columns>
<is:DataGridComponents:DataGridFooter>
<is:DataGridComponents:Pager id="pager_id" data_provider="pager_data_provider" for_component="data_grid_id" />
<is:Containers:Box id="footer_box_id" data_provider="footer_box_data_provider">Text: %%data%%</is:containers:box>
</is:DataGridComponents:DataGridFooter>
</is:DataGridComponents:DataGrid>
</is:Containers:Box>
<is:PageComponents:Script location="onready">
{literal}
// Insert literal JavaScript code here for the page
{/literal}
</is:PageComponents:Script>
{include file="path/file1.tpl"}
{include file="path/file2.tpl"}
</is:PageComponents:Template>
Both of my patterns worked correctly when I switched to using / instead of \ in my match.
The corrected patterns are:
+<is:PageComponents:Script[^>]*\(/\)\#<!>+ and
+<is:PageComponents:Script[^>]*[^/]>+.
I have a web application that takes input from a user, usually in the form of a filepath, hyperlink, or fileshare, but not always. A user may enter "\my.fileshare.com", "http://www.msdn.com", or "In my file cabinent". These inputs are exported to an Excel file. However, if the input is in the form of "\look on my desk" or "http://here it is" (notice the spaces), after the file is exported and opened, Excel raises the ever so descriptive error message of, and I quote, "Error".
I'm adding a regular expression validator to the textbox the user enters and edits these locations in. Because there are a large number of existing entries, the validator needs to be as specific as possible, and only toss out the inputs that cause the Excel export to break. For example "\Will Work" will work, as will "Will Work", and "\This\will also work". I need a regular expression such that if the string starts with \, http://, https://, ftp://, ftps://, the server or fileshare name does not have a space in it, and if it does not start with \, http://, https://, ftp://, ftps://, it's fine regardless.
I've been able to write the first part
^(\\)[^ \]+(\.)$|^(((ht|f)tp(s)?)://)[^ /]+(/.)$
but I can't figure out how to say ignore everything if it does not start with \, http://, https://, ftp://, ftps://.
^(?:(?:\\|(?:ht|f)tps?://)\S+|(?!\\|(?:ht|f)tps?://).*)$
Explained:
^ # start-of string
(?: # begin non-capturing group
(?:\\|(?:ht|f)tps?://)\S+ # "\, http, ftp" followed by non-spaces
| # or
(?!\\|(?:ht|f)tps?://).* # NOT "\, http, ftp" followed by anything
) # end non-capturing group
$ # end-of-string
This is pure, unescaped regex. Add character escaping according to the rules of your environment.
EDIT: Ooops premature.
This expression still doesn't allow "http://www.google.com/hello world" :/
EDIT FOR A THIRD TIME
Here we go!
^(?:(?:\\|(?:ht|f)tps?://)[^ /\\]+([/\\].*)?|(?!\\|(?:ht|f)tps?://).*)$
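An added example, not part of the original answer, that runs the answer's second attempt and its final pattern over the strings quoted in this thread. It assumes the final pattern reads with `[^ /\\]+`, `([/\\].*)?` and a trailing `.*`, and it takes the single leading backslash exactly as displayed on the page; the constant and function names are hypothetical.

```javascript
// Added example. Patterns are written as JavaScript literals, so '/' is escaped.
// Second attempt from the answer: nothing after the prefix may contain whitespace.
const SECOND_ATTEMPT =
  /^(?:(?:\\|(?:ht|f)tps?:\/\/)\S+|(?!\\|(?:ht|f)tps?:\/\/).*)$/;
// Final pattern with escapes and quantifiers written out (assumed reading):
// only the server or share name, up to the first '/' or '\', must be space-free.
const FINAL_PATTERN =
  /^(?:(?:\\|(?:ht|f)tps?:\/\/)[^ \/\\]+([\/\\].*)?|(?!\\|(?:ht|f)tps?:\/\/).*)$/;

// Constructed test inputs, built from the strings quoted in the question and answer.
const INPUTS = [
  '\\my.fileshare.com',                // share name without spaces
  'http://www.msdn.com',               // plain URL
  'In my file cabinent',               // no prefix: anything goes
  '\\look on my desk',                 // space in the share name
  'http://here it is',                 // space in the host name
  'http://www.google.com/hello world', // space only after the host
  'http://',                           // prefix with no host at all
];

// True when the validator would let the input through.
function accepts(pattern, input) {
  return pattern.test(input);
}

// Evaluate both patterns side by side for every input.
function compare(inputs) {
  return inputs.map((input) => ({
    input,
    second: accepts(SECOND_ATTEMPT, input),
    final: accepts(FINAL_PATTERN, input),
  }));
}

console.table(compare(INPUTS));
```

The two patterns differ only on "http://www.google.com/hello world", which the second attempt rejects and the final pattern accepts.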