RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-20 Thread Chris Toshok
On Fri, 2006-03-17 at 19:58 -0500, Gonzalo Paniagua Javier wrote: On Fri, 2006-03-10 at 09:53 -0500, Chris Toshok wrote: I just read in the Shackow's asp.net 2.0 security book about this, actually. He says that the three sequences that result in rejecting a string are: 1. a

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-20 Thread Gonzalo Paniagua Javier
On Mon, 2006-03-20 at 15:41 -0500, Chris Toshok wrote: I added the unicode character for '', but didn't put checks in for either '' or its corresponding unicode. Are those really an issue? No, they are not. The blocking seems to be enough. -Gonzalo

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-18 Thread Gonzalo Paniagua Javier
On Fri, 2006-03-10 at 09:53 -0500, Chris Toshok wrote: I just read in the Shackow's asp.net 2.0 security book about this, actually. He says that the three sequences that result in rejecting a string are: 1. a followed by a ! 2. a followed by the letters a-z (upper or lowercase)

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-10 Thread Chris Toshok
-list@lists.ximian.com Subject: RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest You're right, that seems to work just as well. The updated patch file is attached. -Original Message- From: Eyal Alaluf [mailto:[EMAIL PROTECTED] Sent: Thursday, February 16

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-06 Thread Edward C. Eisenbrey
; } -Original Message- From: Edward C. Eisenbrey Sent: Thursday, February 16, 2006 9:13 AM To: 'Eyal Alaluf' Cc: mono-devel-list@lists.ximian.com Subject: RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest You're right, that seems to work just as well. The updated patch

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-03-06 Thread Miguel de Icaza
Hello, Can someone please approve and commit this patch? Rewrite without using Regexp, which is a lot slower than the current code. Miguel Original issue: The input validation that occurs in the CheckString method in /mcs/class/System.Web/System.Web/HttpRequest.cs is far more strict than

Re: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-02-17 Thread Paolo Molaro
: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest Hi, Edward. Is it not enough to use: [a-zA-Z\\!] as the RegEx instead of [a-zA-Z\\!]+? It works much faster (since RegEx tries always for the biggest match possible) and it does exactly the same thing. Doing the check

Re: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-02-16 Thread Eyal Alaluf
-0500 From: Edward C. Eisenbrey [EMAIL PROTECTED] To: mono-devel-list@lists.ximian.com Subject: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest Attached is the patch including all the changes mentioned. -Original Message- From: Joshua Kugler [mailto:[EMAIL PROTECTED

RE: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-02-16 Thread Edward C. Eisenbrey
wrote: Date: Wed, 15 Feb 2006 13:44:50 -0500 From: Edward C. Eisenbrey [EMAIL PROTECTED] To: mono-devel-list@lists.ximian.com Subject: [Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest Attached is the patch including all the changes mentioned. -Original Message

[Mono-dev] [PATCH] MS/Mono incompatibility in System.Web.HttpRequest

2006-02-15 Thread Edward C. Eisenbrey
Attached is the patch including all the changes mentioned. -Original Message- From: Joshua Kugler [mailto:[EMAIL PROTECTED] Sent: Monday, February 13, 2006 5:12 PM To: mono-devel-list@lists.ximian.com Subject: Re: [Mono-dev] MS/Mono incompatibility in System.Web.HttpRequest On Monday