Dear Platonides,
On 1/2/13, Platonides <platonides@gmail.com> wrote:
- IMAGE FILE NAME
-----snip-----
Obviously, you should have been using:
$ curl -O 'http://star*.jpg'
$ curl -O 'http://foo%60ls%60bar.jpg'
If you simply pass the parameters without quoting to curl, well, that's a bad idea. Especially since you don't seem to be treating $ specially...
Of course. I learned the quoting rules for /bin/sh, sql, and many other systems. My point is really about risk tolerance. The image file `star*.jpg' is one real example of what was downloaded using an early version of WP-MIRROR, which I then rewrote to block. I am averse to file names that contain wild cards and other control characters. I can handle them safely *almost* all the time. But,
(shell)$ rm 'star*.jpg'   <-- one day I will forget to do this,
(shell)$ rm star*.jpg     <-- and will instead do this (with collateral damage).
Murphy's Law: Work two days straight, inadvertently delete three days' work, discover backup tape is unreadable.
-----snip-----
- SHA1SUM
-----snip-----
(rootshell)# openssl dgst -sha1 0/00/Arc_en_ciel.png
SHA1(0/00/Arc_en_ciel.png)= fd67104be2338dea99e1211be8b6824d3b271c38
-----snip-----
mysql> SELECT img_sha1,img_name FROM simplewiki.image WHERE img_name='Arc_en_ciel.png';
+---------------------------------+-----------------+
| img_sha1                        | img_name        |
+---------------------------------+-----------------+
| tllx8mwbr31uissi6a9jq86836d6vy0 | Arc_en_ciel.png |
+---------------------------------+-----------------+
1 row in set (0.00 sec)
-----snip-----
Those are sha1 in base-36. You will need to convert from base-36 to base-16 to get the “classical output”.
Can't test this with the MySQL function CONV(), which is limited to 64-bit, so let's try:
(shell)$ clisp -q -q
[1]> (string-downcase (format nil "~36r" #xfd67104be2338dea99e1211be8b6824d3b271c38))
"tllx8mwbr31uissi6a9jq86836d6vy0"
It's a match. Excellent! Thank you very much.
Action Item: WP-MIRROR 0.6 shall use SHA1 digests to validate image files.
Sincerely Yours,
Kent
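
The base-36 to base-16 conversion discussed in this thread, and the digest check named in the action item, as an added Python example (not part of the original e-mail and not WP-MIRROR code). The function names are hypothetical, and zero-padding img_sha1 to 31 characters is an assumption based on 31 being the shortest base-36 width that holds any 160-bit value.

```python
import hashlib

B36 = "0123456789abcdefghijklmnopqrstuvwxyz"
B36_WIDTH = 31   # assumption: shortest base-36 width that holds 160 bits
HEX_WIDTH = 40   # a SHA-1 digest is 160 bits = 40 hex characters


def hex_to_base36(hex_digest):
    """Convert a hex SHA-1 digest to the zero-padded base-36 form."""
    if len(hex_digest) != HEX_WIDTH:
        raise ValueError("expected a 40-character hex SHA-1 digest")
    n = int(hex_digest, 16)          # Python integers are arbitrary precision
    digits = []
    while n:
        n, r = divmod(n, 36)
        digits.append(B36[r])
    # Digests with leading zero bits come out short, so pad on the left.
    return "".join(reversed(digits)).rjust(B36_WIDTH, "0")


def base36_to_hex(b36):
    """Convert a base-36 img_sha1 value to the 'classical' hex output."""
    n = int(b36.strip().lower(), 36)
    if n >> 160:
        raise ValueError("value does not fit in 160 bits")
    return format(n, "040x")


def file_sha1_hex(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, img_sha1):
    """True if the file's SHA-1 matches the base-36 digest from the database."""
    return file_sha1_hex(path) == base36_to_hex(img_sha1)


if __name__ == "__main__":
    # The digest pair quoted in the thread for Arc_en_ciel.png.
    print(hex_to_base36("fd67104be2338dea99e1211be8b6824d3b271c38"))
    print(base36_to_hex("tllx8mwbr31uissi6a9jq86836d6vy0"))
```

A mismatch from verify_image() means the downloaded file should be discarded and fetched again rather than imported.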