Dear Platonides,
On 1/2/13, Platonides <platonides(a)gmail.com> wrote:
>
> 1) IMAGE FILE NAME
-----snip-----
> Obviously, you should have been using:
> $ curl -O 'http://star*.jpg'
> $ curl -O 'http://foo`ls`bar.jpg'
> If you simply pass the parameters without quoting to curl, well, that's
> a bad idea. Especially since you don't seem to be treating $ specially...
Of course. I learned the quoting rules for /bin/sh, sql, and many
other systems. My point is really about risk tolerance. The image
file `star*.jpg' is one real example of what was downloaded using an
early version of WP-MIRROR, which I then rewrote to block. I am
averse to file names that contain wild cards and other control
characters. I can handle them safely *almost* all the time. But,
(shell)$ rm 'star*.jpg'   <-- one day I will forget to do this,
(shell)$ rm star*.jpg     <-- and will instead do this (with collateral damage).
Murphy's Law: Work two days straight, inadvertently delete three days
work, discover backup tape is unreadable.
-----snip-----
> 4) SHA1SUM
-----snip-----
>
> (rootshell)# openssl dgst -sha1 0/00/Arc_en_ciel.png
> SHA1(0/00/Arc_en_ciel.png)= fd67104be2338dea99e1211be8b6824d3b271c38
-----snip-----
> mysql> SELECT img_sha1,img_name FROM simplewiki.image WHERE img_name='Arc_en_ciel.png';
> +---------------------------------+-----------------+
> | img_sha1                        | img_name        |
> +---------------------------------+-----------------+
> | tllx8mwbr31uissi6a9jq86836d6vy0 | Arc_en_ciel.png |
> +---------------------------------+-----------------+
> 1 row in set (0.00 sec)
-----snip-----
> Those are sha1 in base-36. You will need to convert from base-36 to
> base-16 to get the "classical output".
Can't test this with MySQL function CONV() which is limited to 64bit,
so let's try:
(shell)$ clisp -q -q
[1]> (string-downcase (format nil "~36r"
#xfd67104be2338dea99e1211be8b6824d3b271c38))
"tllx8mwbr31uissi6a9jq86836d6vy0"
It's a match. Excellent! Thank you very much.
Action Item: WP-MIRROR 0.6 shall use SHA1 digests to validate image files.
Sincerely Yours,
Kent
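
Added example (not part of the original message and not WP-MIRROR's code): a sketch of the check named in the action item, converting between the hex SHA1 printed by openssl and the base-36 img_sha1 stored in the image table, then validating a downloaded file against it. The function names are hypothetical, and the 31-character zero padding is an assumption taken from the length of the img_sha1 value quoted above.

```python
import hashlib
import io

B36_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
B36_WIDTH = 31  # assumed: length of the img_sha1 value shown in the message


def sha1_hex_to_base36(hex_digest: str) -> str:
    """Classical 40-char hex SHA1 -> zero-padded base-36 string."""
    n = int(hex_digest, 16)
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = B36_DIGITS[r] + out
    # A digest with leading zero bits yields fewer digits; pad so the
    # string comparison against the database column still matches.
    return out.rjust(B36_WIDTH, "0")


def sha1_base36_to_hex(b36: str) -> str:
    """Base-36 img_sha1 -> 40-char hex, as printed by openssl dgst -sha1."""
    return format(int(b36, 36), "040x")


def stream_sha1_base36(fh, chunk_size: int = 65536) -> str:
    """Hash a binary stream in chunks and return the base-36 digest."""
    h = hashlib.sha1()
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        h.update(chunk)
    return sha1_hex_to_base36(h.hexdigest())


def image_is_valid(fh, img_sha1: str) -> bool:
    """True when the stream's digest equals the database's img_sha1."""
    return stream_sha1_base36(fh) == img_sha1.strip().lower()


if __name__ == "__main__":
    # Digest quoted in the message above.
    print(sha1_hex_to_base36("fd67104be2338dea99e1211be8b6824d3b271c38"))
    # Constructed sample bytes standing in for a downloaded image.
    good = b"constructed sample image bytes"
    expected = stream_sha1_base36(io.BytesIO(good))
    print(image_is_valid(io.BytesIO(good), expected))       # intact file
    print(image_is_valid(io.BytesIO(good[:-1]), expected))  # truncated file
```

Because the file name is never passed through a shell here, a name such as star*.jpg can be opened with open(path, "rb") and checked without any quoting concerns.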