javascript 将字符串从网页传递到 php 然后传递到 Obj-C 命令行工具的正确方法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14156403/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Correct way to pass string from web page, to php and then to Obj-C Command Line Tool
提问by Paolo
Preface:
前言:
I've a web page with a form and a text field.
我有一个带有表单和文本字段的网页。
1) On submission, the text in the field is sent with ajax to a php script (with GET method).
1)提交时,字段中的文本通过ajax发送到php脚本(使用GET方法)。
2) The php script gets the text and passes it as a parameter to a shell tool.
2) php 脚本获取文本并将其作为参数传递给shell 工具。
3) The shell C tool parses argcinto an array of unichars (actually an NSString in my current implementation)
3) shell C 工具将argc解析为一个 unichars 数组(在我当前的实现中实际上是一个 NSString)
(4.. 5.. 6.. then the tool does his job, returns a result to stdout that the php script serves back as response to the web page...)
(4.. 5.. 6.. 然后该工具完成他的工作,将结果返回到标准输出,即 php 脚本作为对网页的响应......)
I'm looking for the correct/ canonical/ "unicode" way to do each step so that: content is properly encoded and preserved, no security issues come out.
我正在寻找正确的/规范的/“ unicode”方式来完成每一步,以便:内容被正确编码和保存,不会出现安全问题。
What I'm doing now:
我现在在做什么:
1) (JavaScript) the text is retrieved from the form this way
1) ( JavaScript) 以这种方式从表单中检索文本
theText = $('#theField').attr('value');
and sent to the server this way
并以这种方式发送到服务器
httpReq.open('GET','myScript.php?theText=' + encodeURIComponent(theText),true);
2) (PHP) I get the text
2) ( PHP) 我得到文本
$theText=(isset($_GET["theText"])?$_GET["theText"]:"");
I call the C tool
我调用 C 工具
$cmd = "/usr/bin/thetool -theText ".escapeshellarg($theText);
echo shell_exec( $cmd );
3) (Objective-C) I'm on MacOS X, so I take advantage of NSString and NSUserDefaults classes (but a plain C solution would be good for me as well, assumed that I'll end up with an array of unichars)
3)(Objective-C)我在 MacOS X 上,所以我利用 NSString 和 NSUserDefaults 类(但一个普通的 C 解决方案对我也有好处,假设我最终会得到一个 unichars 数组)
int main(int argc, const char * argv[])
{
NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
NSString *theText = [userDefaults stringForKey: @"theText"];
Question(s)
问题)
Is this the good way?
这是好方法吗?
Is escapeshellargalone safe when invoking shell_exec?
是escapeshellarg调用了shell_exec当单独安全吗?
Am I going to lose some characters along the way if the user types something peculiar?
如果用户输入一些特殊的东西,我会在此过程中丢失一些字符吗?
采纳答案by Paolo
Waiting from a competent reply, I've started making some empirictests...
等待主管答复,我已经开始进行一些经验测试......
First I changed
首先我改变了
echo shell_exec( $cmd );
to
到
echo $cmd;
to see what the command line invocation was turning out to be given various text entered in the form. It seem that escapeshellargon the PHP side do a good job.
看看命令行调用结果是什么,给出了在表单中输入的各种文本。看来PHP端的escapeshellarg做的不错。
The text passed to the Tool seems to be always properly sealed between single quotes, with "dangerous" character well escaped. I found no way to tamper with the tool invocation.
传递给工具的文本似乎总是在单引号之间正确密封,“危险”字符很好地转义。我发现无法篡改工具调用。
Then I tested for the text passed to see if something was getting lost somewhere.
然后我测试了通过的文本,看看是否有什么东西在某处丢失了。
I set up the C tool this way and looked for the output
我以这种方式设置了 C 工具并寻找输出
int main(int argc, const char * argv[])
{
NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
NSString *theText = [userDefaults stringForKey: @"theText"];
int i;
unichar c;
for(i=0;i<[theText length];i++)
{
c = [searchString characterAtIndex:(NSUInteger) i];
printf("%d\n",c);
}
return 0;
}
Made various tries. It seems all ok. As the last test I entered a "MUSICAL SYMBOL G CLEF" in the form
做了各种尝试。似乎一切正常。作为最后一个测试,我在表格中输入了“MUSICAL SYMBOL G CLEF”
http://www.fileformat.info/info/unicode/char/1d11e/index.htm
http://www.fileformat.info/info/unicode/char/1d11e/index.htm
It turned out to correctlyend into the tool as a couple* of unichars
事实证明,它以一对 * unichars 的形式正确地结束了该工具
55348 56606
55348 56606
(* being this a very special character whose code exceeds 65535 it need to be represented with a couple of surrogate unichars. This is the most edge case I found).
(*这是一个非常特殊的字符,其代码超过 65535,需要用几个代理单字符来表示。这是我发现的最边缘的情况)。
Anyway as I stated at the beginning these are just empiric tests. I don't like to assume that sensible code is good just beacuse passes a dozen of test. I'd very happy to receive comments or suggestions (or warnings!).
无论如何,正如我在开头所说的,这些只是经验性测试。我不喜欢仅仅因为通过了十几个测试就假设合理的代码是好的。我很高兴收到评论或建议(或警告!)。
I tested on Mac OS X - Firefox on the client side - Mac OS X - Mamp on the server side.
我在 Mac OS X - 客户端的 Firefox - Mac OS X - 服务器端的 Mamp 上进行了测试。
