Mailing List Archive: 49091 messages

path question

 [1/8] from: kpeters:vu-ware at: 7-Aug-2005 13:05


Hi ~

Linux/Rebol 2.5.6.4.2

I want to check the existence of a file from a cgi script and my code works well if I use an absolute path.

I do have problems using a relative path though:

My script resides off the document root in cgi-bin and the file I want to check for in httpdocs, also off the document root.

    filename: rejoin [ %<what goes here?> destpage ".html" ]
    either exists? filename [
        print "have it"
    ][
        print "???"
    ]

I believe I have exhausted all possible variations I can think of. Can someone shed some light?

Thanks,
Kai

 [2/8] from: kpeters:vu-ware at: 7-Aug-2005 14:02


Hi ~

Linux/Rebol 2.5.6.4.2

I want to check the existence of a file from a cgi script and my code works well if I use an absolute path.

I do have problems using a relative path though:

My script resides off the document root in cgi-bin and the file I want to check for in httpdocs, also off the document root.

    filename: rejoin [ %<what goes here?> destpage ".html" ]
    either exists? filename [
        print "have it"
    ][
        print "???"
    ]

I believe I have exhausted all possible variations I can think of. Can someone shed some light?

Thanks,
Kai

 [3/8] from: SunandaDH::aol::com at: 7-Aug-2005 17:06


Kai:
> Can someone shed some light?
Your email was a little difficult to decode as it was afflicted with numbered codes. I hope I've read it right.

If your folder structure is:

    root
     |--cgi-bin
     |--httpdocs

Then this should work:

    filename: rejoin [ %../httpdocs/ destpage ".html" ]
    either exists? filename [
        print "have it"
    ][
        print ["couldn't find " filename clean-path filename]
    ]

If it doesn't, the clean-path part should help you see exactly where it is looking.

A possible problem is that you are looking outside the sandbox.....Have you got -cs in the shebang line? eg:

    #! ........./rebol/rebol.exe -cs

Possibly irrelevant, but if destpage is a value supplied by a user, then do make sure it is safe. A hacker could attempt to get you to display a file you weren't expecting by typing something like

    http://www.yoursite.com?your-cgi.r?page=../../../../../etc/bin/passwords

Sunanda.

 [4/8] from: kpeters::vu-ware::com at: 7-Aug-2005 14:50

cgi path


Thanks Sunanda - that was actually the first thing I tried and it didn't work initially. Must have screwed up the upload!?!

Didn't know about clean-path which comes in handy - lots to learn!

Using the script below, it now finds and displays the files. But all relative links from the files displayed via the Rebol script (to images & css scripts) are broken. Such as:

    <img src="images/header.png" alt="ZooBase Logo" width="750" height="90" border="0">

and

    href="zbstyles.css"

I have tried playing with change-dir in the script and changing the links in my html files to something like "../httpdocs/images/header.png" - all to no avail!

What do I need to do to make this work?

Thanks again,
Kai

    #!/home/httpd/vhosts/<my domain>/cgi-bin/rebol -cs
    REBOL []

    cgiparams: system/options/cgi/query-string
    print "Content-type: text/html^/"

    destpage: first parse/all cgiparams "&"
    destpage: second parse/all destpage "="

    ;****************************************************
    ; does the replace make it safe enough?
    ;****************************************************
    filename: rejoin [ %../httpdocs/ replace/all destpage "/" "@" ".html" ]

    either exists? filename [
        html: read/lines filename
        print html
    ][
        print ["couldn't find " filename clean-path filename]
    ]

 [5/8] from: volker::nitsch::gmail::com at: 8-Aug-2005 7:05


On 8/7/05, Kai Peters <[kpeters--vu-ware--com]> wrote:
> Thanks Sunanda - that was actually the first thing I tried and it didn't
> work initially. Must have screwed up the upload!?!
<<quoted lines omitted: 8>>
> - all to no avail!
> What do I need to do to make this work?
If I had path-problems, I would dump directories from the cgi. Showing me %../, %../ etc from the "perspective" of the rebol-script. And then try to find the same by ftp. If they match, I have a base-path.

For security, there are two ways. A basic one is using secure, like

    secure[file quit %../../httpdocs/ [allow read] %../user-contrib/ [allow]]

You can check that with

    probe secure query

If the script tries to go out of that sandbox, it auto-quits. But you want the script to read, say passwords, so have to allow that by secure, but not by malicious user-input.

First step: clean-path

    !> clean-path %webconsole/../..
    == %/home/

No more tricky %.. inside.

Next one, checking for basedir:

    !>find/match clean-path %webconsole/myfile clean-path %webconsole/
    == %myfile
    !>find/match clean-path %webconsole/../../volker clean-path %webconsole/
    == none

find/match checks for abbreviations. So

    data-dir: clean-path %somewhere/
    file: clean-path user-input
    if find/match file data-dir[
        "its ok to read"
    ]
    find

> Thanks again,
> Kai
<<quoted lines omitted: 17>>
--
-Volker

Any problem in computer science can be solved with another layer of indirection. But that usually will create another problem.
David Wheeler
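
Added example, not part of any post in this thread: one way to combine an allow-list on the page name with the clean-path / find/match containment check described in the message above, for the cgi-bin and httpdocs layout discussed earlier. The names safe-page-file, base-dir and name-chars, the permitted character set, and the 64-character limit are assumptions made for illustration.

```rebol
REBOL [Title: "Added example: confine a CGI page parameter to one directory"]

; Assumed layout from the thread: the script runs in cgi-bin and the
; pages live in the sibling directory httpdocs. The trailing slash is
; kept so that a sibling such as %httpdocs-old/ cannot pass the prefix test.
base-dir: clean-path %../httpdocs/

; Allow-list (assumption): page names are 1 to 64 letters, digits,
; hyphens or underscores. No dots, slashes, backslashes or percent signs.
name-chars: charset [#"a" - #"z" #"A" - #"Z" #"0" - #"9" #"-" #"_"]

; Hypothetical helper: returns a file! inside base-dir, or none.
safe-page-file: func [destpage [string!] /local candidate] [
    ; 1. Reject anything outside the allow-list before touching the filesystem.
    if not parse/all destpage [1 64 name-chars] [return none]

    ; 2. Build the path and resolve it to an absolute, normalised form.
    candidate: clean-path join base-dir [destpage ".html"]

    ; 3. Containment check: the resolved path must start with base-dir.
    either find/match candidate base-dir [candidate] [none]
]

; Constructed sample inputs: one plain page name and three path attempts.
foreach input ["index" "../../etc/passwd" "..@..@etc@passwd" "a/b"] [
    print [mold input "->" mold safe-page-file input]
]

; In the CGI script the result decides whether anything is read at all:
;     either all [file: safe-page-file destpage  exists? file] [
;         print read/lines file
;     ][
;         print "page not found"
;     ]
```

The error branch prints a fixed message rather than the resolved path, so a rejected request does not reveal where the script looked.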

 [6/8] from: SunandaDH::aol::com at: 8-Aug-2005 5:27


Kai:
> Using the script below, it now finds and displays the files.
> But all relative links from the files displayed via the Rebol script
> (to images & css scripts) are broken.

Personally, I'd always use absolute links in a web page. That has several advantages, including protection against "302 hijacking".

    src="images/header.png"

should work, and find the file

    http://www.yoursite.com/images/header.png

So, the question is, "where is your server looking for the images file?" I would guess it is supposed to be a subfolder of httpdocs/. But there may be a configuration option that says otherwise.

What happens if you type

    http://www.yoursite.com/images/header.png

directly into a browser window?

Sunanda.

 [7/8] from: yaozhang::ebay::com at: 8-Aug-2005 21:30


What about /images/header.png ? - Z. Yao

 [8/8] from: kpeters::vu-ware::com at: 9-Aug-2005 15:05


On Mon, 8 Aug 2005 21:30:31 -0600, Zhang, Yao wrote:
> What about /images/header.png ?
>
> -
> Z. Yao

That works just great - thanks!

Kai

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted