[erlang-questions] Special Characters problem

Vlad Dumitrescu vladdu55@REDACTED
Wed Jan 2 12:35:21 CET 2013


Hi!

On Wed, Jan 2, 2013 at 12:26 PM, Evren Bayraktar <evrenweb@REDACTED> wrote:

> lists:flatten(io_lib:format("from=~s&to=~s&message=~s&status=~b&time_create=~b",
> [FromS, ToS, BodyS, Status, unix_timestamp()
>

I would guess that the message's body (and maybe even the other strings)
should be escaped or quoted (by using ~w instead of ~s); probably the
parser for the resulting string can't handle the spaces and the '>'.

You should in any case sanitize the input, otherwise you will have problems
with code injection. Imagine a message saying
"Hello&status=closed&time_create=..." (or worse).

best regards,
Vlad
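
Added example, not part of the original message or thread: the quoted construction beside a percent-encoded one, parsed back to show how a body such as "Hello&status=closed" changes the field list. It assumes the receiver treats the string as a URL-encoded query string; the module name, function names and sample values are hypothetical.

```erlang
-module(query_escape_demo).
-export([unsafe_query/4, safe_query/4, demo/0]).

%% Same construction as the quoted code: ~s pastes each value in raw,
%% so '&' and '=' inside a value become field separators.
unsafe_query(From, To, Body, Status) ->
    lists:flatten(io_lib:format("from=~s&to=~s&message=~s&status=~b",
                                [From, To, Body, Status])).

%% Percent-encodes every key and value before joining them.
%% uri_string:compose_query/1 is available from OTP 21.
safe_query(From, To, Body, Status) ->
    uri_string:compose_query([{"from", From},
                              {"to", To},
                              {"message", Body},
                              {"status", integer_to_list(Status)}]).

%% Parses both strings back the way a receiver would and returns what it
%% sees as the status and message fields.
demo() ->
    Body = "Hello&status=closed",          % constructed sample input
    Unsafe = uri_string:dissect_query(unsafe_query("alice", "bob", Body, 1)),
    Safe = uri_string:dissect_query(safe_query("alice", "bob", Body, 1)),
    #{unsafe_fields => length(Unsafe),
      unsafe_status => proplists:get_value("status", Unsafe),
      unsafe_message => proplists:get_value("message", Unsafe),
      safe_fields => length(Safe),
      safe_status => proplists:get_value("status", Safe),
      safe_message => proplists:get_value("message", Safe)}.
```

Compile it in the shell with c(query_escape_demo). and call query_escape_demo:demo(). to compare the two parses.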