Variabe managing problem
Hi, becouse unhappy of Orso's Changepassword for Squid, Apache and so on I
costructed a change password CGI from myself.
I created a simple HTML page with a post to the CGI
I use ProcCGIInput.sh to read POST input and the variables arrive ESCAPED
coded if some special char is inside.
ProcCGIInput.sh is from:
# Process input to a CGI script. Written and Copyright 1995 Frank Pilhofer
# You may freely use and distribute this code free of charge provided that
# this copyright notice remains.[EMAIL PROTECTED]
and I use it from time in many CGI done by me.
Now with BASH v2 I had serious problems if after a special char even ] or
) was numbers. The string is truncated or modified fucking off the change
password checks and fuctionality.
I taken BASH 3 and compiled with NO OPTIONS INconfigureand now 90%
of problems disappeared with no changing in the CGI code.
I had some problems with ] and so to printf I added %b
To eliminate escape sequences from ProcCGIInput.sh I use:
USER=`printf "$FORM_user"`
OLDP=`printf %b "$FORM_oldpw"`
NEWP1=`printf "$FORM_newpw1"`
NEWP2=`printf "$FORM_newpw2"`
Now, I had to remove ! as other chars becouse even with
all the good things that I had with %b and BASH v3 it create troubles!.
If inside the password is !1 or !2 and so on, the string is truncated at
the esclamation mark.
I use a simple WHILE to check chars to enforce policies
while [ $CONTA -lt $LUNG ]; do
ITEM=${PASS:$CONTA:1}
if [[ $ITEM == *[a-zA-Z] ]]; then
let CARAC=CARAC+1
OK=1
fi
if [[ $ITEM == *[0-9]* ]]; then
let NUMBER=NUMBER+1
OK=1
fi
if [ `echo $POSSIBLESC | fgrep "$ITEM"` != "" ]; then
let SPECI=SPECI+1
OK=1
fi
if [ "$OK" = "0" ]; then
BADP=1
fi
# printf ":::>$ITEM:$CONTA:$NEWP1:$FORM_new_pw1:$LUNG"
let CONTA=CONTA+1
OK=0
done
But becouse the string arrive modified obviously the user return a BAD
OLD PASSWORD or New PassWord not correct for policy rule xx
POSSIBLESC is the var where I putted all the special chars the user could
chose to create its new password.
For sure I'm an intermediate or beginner but I have this kind of problem
and I have seen that with BASH 3 90% of things has been solved.
Have I touse some code inside my script or is a problem of BASH?. How
could I treath a variable ONLY AS A CONTAINER not interpreted or modified
in any way from any kind of feature of BASH or from the system?.
Thanks about sugestions,
Best Regards,
Alberto Colosi
IBM Global Services
IBM Business Consulting Services
Sistemi Informativi S.P.A.
IT/ITS Division
IBM VTS Focal Point per SI
NetWork Control/Operations Center
(NetWork and Security [*Master] office)
SECURITY IS EVERYONE'S BUSINESS
___
Bug-bash mailing list
Bug-bash@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-bash
bug in builtins.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This bug is present in at least 3.0 and 3.1-beta1, and was reported by Bas von Gompel on the cygwin list. The bash_builtins.1 man page, when installed, needs to point to the installed name of the bash.1 man page to pull in that section by reference. - --- doc/bash_builtins.1~ 2005-10-15 21:27:52.0 +0200 +++ doc/bash_builtins.1 2005-10-15 21:44:33.77000 +0200 @@ -10,6 +10,6 @@ ulimit, umask, unalias, unset, wait \- bash built-in commands, see \fBbash\fR(1) .SH BASH BUILTIN COMMANDS .nr zZ 1 - -.so bash.1 +.so man1/bash.1 .SH SEE ALSO bash(1), sh(1) - -- Life is short - so eat dessert first! Eric Blake [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDUXN684KuGfSFAYARAr30AJ0S7rhawy87v1R0O0tAzFrStNTAwACbBPgZ UWj3qbmfivqh8Rb4Fjp9G2U= =06R0 -END PGP SIGNATURE- ___ Bug-bash mailing list Bug-bash@gnu.org http://lists.gnu.org/mailman/listinfo/bug-bash
