Antwort: Re: [Nagios-devel] clean_macro_chars() no longer called in utils.c
Posted: Thu Feb 10, 2005 3:32 pm
>> Nagios 2.0b1 appears not to clean illegal characters from certain
>> macros as documented.
>
> You are correct. The macro code was changed shortly before the beta=20
> 1 release, and this one fell through the cracks. I am posting a=20
> patch to CVS shortly.
I'm still wondering if cleaning of unwanted chars is really the thing
to do. In my opinion it would be "more correct" to escape those
characters properly instead of just erasing them.
Some special characters might be needed for the actual output to
be readable and could get severely screwed up if characters get
totally stripped as in hampering the readability.
I am referring to an approach like for example PHP or most other
languages dealing with special characters (be it database in/output
or system calls), where you usually pipe the string through a
function like addslashes() which properly escapes unwanted characters.
Wouldn't that be much more feasible?
regards
sash
--------------------------------------------------
Sascha Runschke
Netzwerk Administration
IT-Services
ABIT AG
Robert-Bosch-Str. 1
40668 Meerbusch
Tel.:+49 (0) 2150.9153.226
Mobil:+49 (0) 173.5419665
mailto:[email protected]
http://www.abit.net
http://www.abit-epos.net
http://www.my-academy.net
--------------------------------------------------
Der Inhalt dieser Email sowie die Anh=E4nge sind ausschlie=DFlich f=FCr den=
=20
bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat=20
dieser Email oder dessen Vertreter sein sollten, so beachten Sie bitte,=20
da=DF jede Form der Kenntnisnahme, Ver=F6ffentlichung, Vervielf=E4ltigung =
oder=20
Weitergabe des Inhalts dieser Email unzul=E4ssig ist. Wir m=F6chten Sie=20
au=DFerdem darauf hinweisen, da=DF die Kommunikation per Email =FCber das=20
Internet unsicher ist, da fuer unberechtigte Dritte grunds=E4tzlich die=20
M=F6glichkeit der Kenntnisnahme und Manipulation besteht. Wenn Sie diese=20
Nachricht versehentlich erhalten, informieren Sie bitte den Absender und=20
l=F6schen diese Nachricht mit den Anh=E4ngen. Herzlichen Dank
The information and any attachments contained in this email are intended=20
solely for the addressee. Access to this email by anyone else is=20
unauthorized. If you are not the intended recipient, any form of=20
disclosure, reproduction, distribution or any action taken or refrained=20
from in reliance on it, is prohibited and may be unlawful. We also like to =
inform you that communication via email over the internet is insecure=20
because third parties may have the possibility to access and manipulate=20
emails. If you have received the message in error, please advise the=20
sender and delete the message and any attachments. Thank you very much.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
>> macros as documented.
>
> You are correct. The macro code was changed shortly before the beta=20
> 1 release, and this one fell through the cracks. I am posting a=20
> patch to CVS shortly.
I'm still wondering if cleaning of unwanted chars is really the thing
to do. In my opinion it would be "more correct" to escape those
characters properly instead of just erasing them.
Some special characters might be needed for the actual output to
be readable and could get severely screwed up if characters get
totally stripped as in hampering the readability.
I am referring to an approach like for example PHP or most other
languages dealing with special characters (be it database in/output
or system calls), where you usually pipe the string through a
function like addslashes() which properly escapes unwanted characters.
Wouldn't that be much more feasible?
regards
sash
--------------------------------------------------
Sascha Runschke
Netzwerk Administration
IT-Services
ABIT AG
Robert-Bosch-Str. 1
40668 Meerbusch
Tel.:+49 (0) 2150.9153.226
Mobil:+49 (0) 173.5419665
mailto:[email protected]
http://www.abit.net
http://www.abit-epos.net
http://www.my-academy.net
--------------------------------------------------
Der Inhalt dieser Email sowie die Anh=E4nge sind ausschlie=DFlich f=FCr den=
=20
bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat=20
dieser Email oder dessen Vertreter sein sollten, so beachten Sie bitte,=20
da=DF jede Form der Kenntnisnahme, Ver=F6ffentlichung, Vervielf=E4ltigung =
oder=20
Weitergabe des Inhalts dieser Email unzul=E4ssig ist. Wir m=F6chten Sie=20
au=DFerdem darauf hinweisen, da=DF die Kommunikation per Email =FCber das=20
Internet unsicher ist, da fuer unberechtigte Dritte grunds=E4tzlich die=20
M=F6glichkeit der Kenntnisnahme und Manipulation besteht. Wenn Sie diese=20
Nachricht versehentlich erhalten, informieren Sie bitte den Absender und=20
l=F6schen diese Nachricht mit den Anh=E4ngen. Herzlichen Dank
The information and any attachments contained in this email are intended=20
solely for the addressee. Access to this email by anyone else is=20
unauthorized. If you are not the intended recipient, any form of=20
disclosure, reproduction, distribution or any action taken or refrained=20
from in reliance on it, is prohibited and may be unlawful. We also like to =
inform you that communication via email over the internet is insecure=20
because third parties may have the possibility to access and manipulate=20
emails. If you have received the message in error, please advise the=20
sender and delete the message and any attachments. Thank you very much.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]