I have a simple component which takes a string, and changes keywords like
SELECT to select - and other non alphanumeric characters are changed to
their HTML equivilent - this is to filter a user's input on a form to make
whatever they typed in safer
in VB I can do (and I can also do this in a VBS file using cscript or
wscript)
set oWFVC=createobject("WFVC.clsWFVC") '[I know the naming
is not the greatest]
debug.print oWFVC.Validate("SELECT")
and get back
select
but if I do the same thing from ASP / VBScript (webpage), I get the original
string back!
I have the component registered in COM+ in its own server package, it does
not make a difference if I run it as current user, or administrator, I still
get the same results. I even tried to log the value of the function (I set
the function equal to the return value at the end, and then log that to a
file to make sure the code executed, it does execute and change the string,
and sets the function equal to it). [code follows]
[code from class module clsWFVC]
Option Explicit
Public Function Validate(sData As Variant, Optional iLength As Variant =
200) As String
On Error GoTo err
'Stop
'Below, if the string !!!###error is passed in, will raise an error
'This is for testing if logging is functioning
If sData = "!!!###error" Then
err.Raise vbObjectError + 513, "WFVC.clsWFVC", "Test Error"
End If
Dim iCharPointer As Integer, iCharFlag(255) As Boolean, strOut As
String, intCount As Integer
iCharPointer = 1
' *define* forbidden characters, set the array element to true for a
corresponding
'forbidden ascii value
'take care of non-printable control characters
For intCount = 0 To 31
iCharFlag(intCount) = True
Next
'take care of ! " # $ % & ' ( ) * + ,
For intCount = 33 To 45
iCharFlag(intCount) = True
Next
'take care of ;
iCharFlag(59) = True
'unicode characters
For intCount = 91 To 96
iCharFlag(intCount) = True
Next
For intCount = 123 To 255
iCharFlag(intCount) = True
Next
'If string is longer than 200 characters, or passed-in override length
then truncate
If Len(sData) > iLength Then
sData = Mid(sData, 1, iLength)
End If
Do While iCharPointer <= Len(sData)
'*** existing HTML codes ***
'Check if current character is a '&' - if so, and the 6th or 7th
character is a ';',
'Then this is an HTML code and does not need changed.
If Mid(sData, iCharPointer, 1) = "&" Then
'HTML code which is 2 characters [&xx;]
If Mid(sData, iCharPointer + 2, 1) = ";" And
IsAlphanumeric(Mid(sData, iCharPointer + 1, 1)) Then
strOut = strOut & Mid(sData, iCharPointer, 3)
iCharPointer = iCharPointer + 3
'HTML code which is 4 characters [&xxx;]
ElseIf Mid(sData, iCharPointer + 3, 1) = ";" And
IsAlphanumeric(Mid(sData, iCharPointer + 2, 1)) Then
strOut = strOut & Mid(sData, iCharPointer, 4)
iCharPointer = iCharPointer + 4
'HTML code which is 5 characters [&xxx;]
ElseIf Mid(sData, iCharPointer + 4, 1) = ";" And
IsAlphanumeric(Mid(sData, iCharPointer + 3, 1)) Then
strOut = strOut & Mid(sData, iCharPointer, 5)
iCharPointer = iCharPointer + 5
'HTML code which is 6 characters [&xxxx;]
ElseIf Mid(sData, iCharPointer + 5, 1) = ";" And
IsAlphanumeric(Mid(sData, iCharPointer + 4, 1)) Then
strOut = strOut & Mid(sData, iCharPointer, 6)
iCharPointer = iCharPointer + 6
'HTML code which is 7 characters [&xxxxx;]
ElseIf Mid(sData, iCharPointer + 6, 1) = ";" And
IsAlphanumeric(Mid(sData, iCharPointer + 5, 1)) Then
strOut = strOut & Mid(sData, iCharPointer, 7)
iCharPointer = iCharPointer + 7
Else
'*** ampersand not part of HTML code
'current character does not belong to a special HTML sequence,
change it
strOut = strOut & "&"
iCharPointer = iCharPointer + 1
End If
Else
'***
'Current Character is not an ampersand, check if it is part of a
keyword and change if necessary
If LCase(Mid(sData, iCharPointer, 6)) = "select" Then
strOut = strOut & "&#" & Asc(Mid(sData, iCharPointer, 1)) &
";" & Mid(sData, iCharPointer + 1, 5)
iCharPointer = iCharPointer + 6
ElseIf LCase(Mid(sData, iCharPointer, 6)) = "delete" Then
strOut = strOut & "&#" & Asc(Mid(sData, iCharPointer, 1)) &
";" & Mid(sData, iCharPointer + 1, 5)
iCharPointer = iCharPointer + 6
ElseIf LCase(Mid(sData, iCharPointer, 6)) = "insert" Then
strOut = strOut & "&#" & Asc(Mid(sData, iCharPointer, 1)) &
";" & Mid(sData, iCharPointer + 1, 5)
iCharPointer = iCharPointer + 6
ElseIf LCase(Mid(sData, iCharPointer, 6)) = "update" Then
strOut = strOut & "&#" & Asc(Mid(sData, iCharPointer, 1)) &
";" & Mid(sData, iCharPointer + 1, 5)
iCharPointer = iCharPointer + 6
'Now check for forbidden characters
ElseIf iCharFlag(Asc(Mid(sData, iCharPointer, 1))) Then
strOut = strOut & "&#" & Asc(Mid(sData, iCharPointer, 1)) &
";"
iCharPointer = iCharPointer + 1
Else
strOut = strOut & Mid(sData, iCharPointer, 1)
iCharPointer = iCharPointer + 1
End If
End If
Loop
If IsNull(sData) Then
Validate = Null
Else
Validate = strOut
End If
Dim fso As FileSystemObject
Set fso = New FileSystemObject
Dim oStream As TextStream
'log the results to make sure everything is working
Set oStream = fso.OpenTextFile("c:\wfvc.log", ForAppending, True)
oStream.WriteLine Validate
oStream.Close
Set oStream = Nothing
Set fso = Nothing
Exit Function
err:
Validate = err.Description & " / " & err.Number
App.LogEvent "WFVC ERROR:" & Validate, vbLogEventTypeError
End Function
[code from module Function.bas]
Public Function IsAlphanumeric(sChar)
If sChar = "" Or IsNull(iAsc) Then
IsAlphanumeric = False
Exit Function
End If
iAsc = Asc(sChar)
If (iAsc >= 97 And iAsc <= 122) Or (iAsc >= 65 And iAsc <= 90) Or
(iAsc >= 48 And iAsc <= 57) Then
IsAlphanumeric = True
Else
IsAlphanumeric = False
End If
End Function
problem using component with asp page -- result of function not returned, instead original value returned