Can someone please approve and commit this patch? Original issue:
The input validation that occurs in the CheckString method in /mcs/class/System.Web/System.Web/HttpRequest.cs is far more strict than Microsoft's. In this case, I would tend to say that Mono's validation is safer, but it might be excessive. After extensive testing, here is the CheckString method that matches MS's version: using System.Text.RegularExpressions; static bool CheckString (string val) { Regex regex = new Regex("<[a-zA-Z\\!]+"); Match match = regex.Match(val); return match.Success; } -----Original Message----- From: Edward C. Eisenbrey Sent: Thursday, February 16, 2006 9:13 AM To: 'Eyal Alaluf' Cc: mono-devel-list@lists.ximian.com Subject: RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest You're right, that seems to work just as well. The updated patch file is attached. -----Original Message----- From: Eyal Alaluf [mailto:[EMAIL PROTECTED] Sent: Thursday, February 16, 2006 4:29 AM To: Edward C. Eisenbrey Cc: mono-devel-list@lists.ximian.com Subject: Re: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest Hi, Edward. Is it not enough to use: "<[a-zA-Z\\!]" as the RegEx instead of "<[a-zA-Z\\!]+"? It works much faster (since RegEx tries always for the biggest match possible) and it does exactly the same thing. Eyal. On Wed, 15 Feb 2006, Edward C. Eisenbrey wrote: > Date: Wed, 15 Feb 2006 13:44:50 -0500 > From: Edward C. Eisenbrey <[EMAIL PROTECTED]> > To: mono-devel-list@lists.ximian.com > Subject: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest > > Attached is the patch including all the changes mentioned. > > > -----Original Message----- > From: Joshua Kugler [mailto:[EMAIL PROTECTED] > Sent: Monday, February 13, 2006 5:12 PM > To: mono-devel-list@lists.ximian.com > Subject: Re: [Mono-dev] MS/Mono incompatibility in > System.Web.HttpRequest > > On Monday 13 February 2006 12:49, Luca wrote: >> Il Mon, Feb 13, 2006 at 11:20:53AM -0900, Joshua Kugler ha scritto: >>> On Monday 13 February 2006 11:12, Alex Chudnovsky wrote: >>>> Edward C. Eisenbrey wrote: >>>>> using System.Text.RegularExpressions; >>>>> >>>>> static bool CheckString (string val) >>>>> { >>>>> Regex regex = new Regex("<[a-zA-Z\\!]+"); >>>>> Match match = regex.Match(val); >>>>> return match.Success; >>>>> } >>>> >>>> Pardon my instrusion, but would it not be better performance wise > to >>>> create static instance of the regexp to avoid doing it every time >>>> CheckString called? Ie: >>>> >>>> static Regex regex = new Regex("<[a-zA-Z\\!]+"); >>>> >>>> static bool CheckString (string val) >>>> { >>>> >>>> Match match = regex.Match(val); >>>> return match.Success; >>>> } >>> >>> Or at least declare it static in the sub (I assume you can do that)? >> >> Well, no :) The "sub" is a method, so the regex object must be a > static >> member of the class. Back on the original topic, if that codepath is > realy >> performance critical you can even compile the Regex: > > Ah! I missed the part about the method being part of a class. Yes, a > static > class member would probably be best. > > j----- k----- > > -- > Joshua Kugler PGP Key: http://pgp.mit.edu/ > CDE System Administrator ID 0xDB26D7CE > http://distance.uaf.edu/ > _______________________________________________ > Mono-devel-list mailing list > Mono-devel-list@lists.ximian.com > http://lists.ximian.com/mailman/listinfo/mono-devel-list > > > >
file.diff
Description: file.diff
_______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-devel-list