
Author Topic: gW3S for Unix - exploits!  (Read 1134 times)


carls (Topic starter)

« on: February 28, 2003, 11:20:02 AM »
Not really AmigaOS development, but still:
I'm porting (or rather, re-writing) gW3S for Linux, using the Regina REXX interpreter and some nifty GNU utils (awk, ls etc.).

The big question is: How do I avoid the simplest exploit ever (i.e. the query string hack)? :-)

I'd like to avoid stuff like this:
document.xgi?var=value;cat /etc/passwd

...but I'd also like to provide the XGI scripts with an unescaped query string.

I'm passing the QS as an argument to the chosen script.
I've tried using environment variables but it doesn't really work setting these with Regina's VALUE()...

Any ideas would be helpful!
 :-?
Amiga: Too weird to live, too rare to die.
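
An added example, not part of the original post and not gW3S code: a shell sketch of why the `;` in the query string runs a second command when the string is pasted into a command line, and how handing it over as a single argument and as `QUERY_STRING` (the CGI convention) delivers it unescaped without a shell re-parsing it. The stand-in `document.xgi`, the temporary directory and the function names are assumptions for illustration, and the input uses a harmless marker.

```shell
#!/bin/sh
# Constructed demo: a stand-in XGI script that only reports what it received.
XGI_DIR=$(mktemp -d)
trap 'rm -rf "$XGI_DIR"' EXIT
cat > "$XGI_DIR/document.xgi" <<'EOF'
#!/bin/sh
echo "arg=[$1] env=[$QUERY_STRING]"
EOF
chmod +x "$XGI_DIR/document.xgi"

# Weak: the query string is pasted into text that a shell parses again,
# so ';' ends the script invocation and starts a second command.
run_xgi_unsafe() {
    sh -c "$XGI_DIR/$1 $2"
}

# Hardened: the query string is never parsed as shell text. It travels as
# one argv element and in the environment, byte for byte, so the script
# still receives it unescaped.
run_xgi_safe() {
    # The script name also comes from the URL: allow a bare file name only.
    case "$1" in
        */*|..*|'') echo "bad script name" >&2; return 1 ;;
    esac
    [ -x "$XGI_DIR/$1" ] || { echo "no such script" >&2; return 1; }
    QUERY_STRING="$2" "$XGI_DIR/$1" "$2"
}

# Constructed input modelled on the post's example, with a harmless marker.
QS='var=value;echo INJECTED'
unsafe_out=$(run_xgi_unsafe document.xgi "$QS")
safe_out=$(run_xgi_safe document.xgi "$QS")
printf 'unsafe:\n%s\nsafe:\n%s\n' "$unsafe_out" "$safe_out"
```

In the unsafe run the marker appears on a line of its own because the shell executed it; in the safe run the script sees the whole string, `;` included, as data.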