jplitza
commented
8 years ago Not generating for "strange" node_ids is obviously suboptimal. What exactly causes what to stop? Can we fix it by replacing "strange" characters?
Closed Sunz3r closed 8 years ago
jplitza
commented
8 years ago Not generating for "strange" node_ids is obviously suboptimal. What exactly causes what to stop? Can we fix it by replacing "strange" characters?
Sunz3r
commented
8 years ago Characters like : stops working the script. You can inject code with the node_id therefore replacing characters are not needed because this should only prevent errors.
tcatm
commented
8 years ago Please don't use non-alphanumeric characters in your node id (I have changed my mind about this, in case you're reading older issues about this topic). This is a won't fix.
Sunz3r
commented
8 years ago You wont fix a possible secuity issue? Everyone can break this script by send bad node_ids. Maybe i blog a warning about this problem so we dont need to fix this if everyone knows about it?
tcatm
commented
8 years ago Well, I may accept a PR that simply rejects nodes with invalid data. This PR, however, introduces some strange undocumented behaviour that may cause more trouble than harm.
This would be the right place to implement it: https://github.com/ffnord/ffmap-backend/blob/master/lib/validate.py
Sunz3r
commented
8 years ago Thanks, i just push another PR with proper implementation :)
if node_id contains invalid characters then the script stop working