First of all, thank you for this filter; this is exactly the kind of tool I need currently.
I have two questions about the code:
file: ISAPIClipSQLInjection.cpp / line 248:
Is it safe to remove the "else" keyword?
My idea is that this way a form posted on "mypage.aspx?param=injectattempt" would have both the posted data AND the query string ( param=injectattempt ) cleaned up.
Same file, a few lines below:
pExecUrlInfo->pszUrl = new
There is no delete for this allocation, neither for what was allocated before to
So it looks like a potential memory leak. But maybe it's not? I am certainly not an ISAPI expert!
Jul 9, 2008 at 5:20 PM
Edited Jul 9, 2008 at 5:31 PM
Finally someone to ask about the code :)
1. Yes. It is safe to remove the else.
2. It is a local variable, not a pointer, and it will be disposed automatically when the scope is lost. If you look at the SDK you will see code samples like this as well.
I am planning to set up a blog post to explain the code as I release the next version. Feel free to ask as many questions as you need. If you have a good contribution I would be glad to add it to the solution.