Re: [Active4d-dev] Sanitize text and escaping characters

[Michael Check]

Specifically, a text form field contains quote characters and when
sent (unescaped and unsanitized) as part of the body text in the
Sendmail library routines, we get a blank screen as a response and the
mail is not sent.

Here is the log entry at that point:

May 07 11:07:46 Active4D: [debug] interpreter: loaded library "a4d.utils"
May 07 11:07:46 Active4D: [error] A ")" was expected: <anonymous text>, line 1
" test "

Here is a snip of the code we are now using:

        //header and footer
        if([EM_event]emailHeader>"")
                $emailHeader:=replace 
string([EM_event]emailHeader;char(13)+char(10);"\\n")
                $emailHeader:=replace string($emailHeader;char(10);"")
                $body := replace 
string($body;"$emailHeader";$emailHeader+"\\n\\n")
                //a4d.debug.dump locals
        else
                $body := replace string($body;"$emailHeader";"")
        end if
        
        if([EM_event]emailFooter>"")
                $emailFooter:=replace 
string([EM_event]emailFooter;char(13)+char(10);"\\n")
                $emailFooter:=replace string($emailFooter;char(10);"")
                $body := replace 
string($body;"$emailFooter";$emailFooter+"\\n\\n")
        else
                $body := replace string($body;"$emailFooter";"")
        end if
        
        $text := "!write(\"" + $subject + "\\n" + $body + "\")"
        

if($G_IS_PRODUCTION)
        for($i;1;size of array(session{"emailTo"}))  // send to everyone in
the To Address Array
                a4d.utils.sendMail ($text; $G_SMTP_MAIL_FROM; 
session{"emailTo"}{$i})
        end for
else
        a4d.utils.sendMail ($text; $G_SMTP_MAIL_FROM; $G_SMTP_DEV_SEND_TO)
end if


We also had an issue with CRs and LFs coming from db text fields where
it would break without the proper LF and CR filtering.  Our (hopefully
permanent) solution for that is included in the code above (around
text field [EM_event]emailHeader and [EM_event]emailFooter).

So we're looking for something large in scope that does all the
sanitizing and escaping of known characters for posted form fields,
just like commands and and builtins for javascript and php
(strip_tags, etc.)

Thanks,

Michael Check



On Fri, May 7, 2010 at 10:56 AM, Aparajita Fishman
<aparaj...@aparajitaworld.com> wrote:
>> sent with the A4D Sendmail routines.  We are having trouble with
>> non-escaped quotes and other characters that need escaping or
>> filtering.
>
> What kind of trouble are you having?
>
> Kind regards,
>
>   Aparajita
>   www.aparajitaworld.com
>
>   "If you dare to fail, you are bound to succeed."
>   - Sri Chinmoy   |   www.srichinmoy.org
>
> _______________________________________________
> Active4D-dev mailing list
> Active4D-dev@aparajitaworld.com
> http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
> Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
>
_______________________________________________
Active4D-dev mailing list
Active4D-dev@aparajitaworld.com
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/