On 07/02/07, Linas S. <[EMAIL PROTECTED]> wrote: > Hello, > > I try to make online Bible script using diatheke. I got problem- security. > Users can put everything in a search box on the web page, e.g.: > Jesus;ls /etc > If I run such the command: > diatheke -b KJV -s phrase -k Jesus; ls /etc > I will get list of /etc directory. > I could check user input for characters other than letters a - z, but > users can enter Greek text or Hebrew. > Is here any "safe" way of using diatheke?
You should quote the search key like the perl cgi script does (iirc) e.g. diatheke -b KJV -s phrase -k 'Jesus; ls /etc' Regards, Daniel _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page