gtzpower
-
Posts
9 -
Joined
-
Last visited
Never
Posts posted by gtzpower
-
-
Thanks for the reply, however, now nothing with an 'r' or an 'n' is allowed through. e.g. "rob@web.com" is resulting in an error. Any other thoughts?
-
still have the same issue even with that one.
I think it has something to do with the POST var holding a literal value. For example, if I run:
if($_POST['email'] == "\r\n") { echo "dub"; } if($_POST['email'] == '\r\n') { echo "sin"; }
'sin' is echoed. So, my "" around the regEx is looking for a whitespace character of carriage return\new line, while I am giving it the literal of '\r\n'. I still don't know how to get around this though
-
can anyone help me with this simple RegEx test?
Here's my code:
if (eregi("(\r|\n)", $_POST['email'])) { // block email injection attacks die("An error has occurred. Please verify that you have submitted a valid email address."); } else { echo $_POST['email']; }
the resulting page shows \r\n (when I submit \r\n for the email address). I can't get the die to execute! However, if I do this:
if (eregi("(\r|\n)", "\r\n")) { //Note the elimination of the POST var
the evaluation is true. Any hints?
-
Some further stuff regarding pulling an attachment from a soap response. I noticed the binary data in my case was surrounded by %PDF-1.4 ......... %%EOF. So I tried the following and I'll be darned if it didn't work I searched all over the net trying to find a way to pull soap attachments without the soap functionality, then decided to just try stuff. Not sure how consistently reliable it will be, but maybe someone will find it useful...
<?php // Show me the result //var_dump($data); $fp = fopen( './file.pdf', 'wb' ); fwrite( $fp, substr($data,strpos($data,"%PDF-1.4"),(strpos($data,"%%EOF") - strpos($data,"%PDF-1.4") + 5))); fclose( $fp ); curl_close($ch); ?>
-
For future readers, this may be of use.
<?php $credentials = "username:password"; // Read the XML to send to the Web Service $request_file = "./SampleRequest.xml"; $fh = fopen($request_file, 'r'); $xml_data = fread($fh, filesize($request_file)); fclose($fh); $url = "http://www.myservicehost.com/services/calculation"; $page = "/services/calculation"; $headers = array( "POST ".$page." HTTP/1.0", "Content-type: text/xml;charset=\"utf-8\"", "Accept: text/xml", "Cache-Control: no-cache", "Pragma: no-cache", "SOAPAction: \"run\"", "Content-length: ".strlen($xml_data), "Authorization: Basic " . base64_encode($credentials) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 60); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_USERAGENT, $defined_vars['HTTP_USER_AGENT']); // Apply the XML to our curl call curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data); $data = curl_exec($ch); if (curl_errno($ch)) { print "Error: " . curl_error($ch); } else { // Show me the result var_dump($data); curl_close($ch); }?>
-
-
Thanks for the reply, but I think we're on opposite sides of the fence. Your code is for the server side while mine is for the client side. I am connecting to a web service that requires HTTP authentication. I have to pass the credentials to the remote server to the web service.
-
Can anyone tell me why, when using the code below, our server logs are not showing the authorization headers being sent? Any recommendations on how to get it working? Thanks!
$credentials = "calcuser:testpwd"; header("POST /svcs/CalculationEng HTTP/1.0"); header("Content-Type: text/xml; charset=utf-8"); header("Accept: application/soap+xml, application/dime, multipart/related, text/*"); header("Cache-Control: no-cache"); header("Pragma: no-cache"); header("SOAPAction: \"run\""); header("Content-Length: 2815"); header("Authorization: Basic " . base64_encode($credentials));
Blocking email injection, why wont this SIMPLE RegEx work?
in PHP Coding Help
Posted
Thanks! That works for \r or \n, but unfortunately it won't work for %0A, etc.. I guess what I am really asking is why is it that the regular expressions for testing this stuff that I can find on umpteen billion sites are not working on mine? Is there a php setting for post vars that needs changed or something? I would ideally like to search for the whitespace character rather than searching for every possible way of creating the whitespace character