Code questions

Jul 9, 2008 at 3:03 PM

Hi,

At first, thank you for this filter, this is exactly the kind of tool I need currently.

I have two questions about the code:
file: ISAPIClipSQLInjection.cpp / line 248:
Is it safe to remove the "else" keyworkd?
My idea is that this way a form posted on "mypage.aspx?param=injectattempt" would have both the posted data AND the query string ( param=injectattempt ) cleaned up.

Same file, a few lines below:
pExecUrlInfo->pszUrl = new char[strUrl.QueryBufferSize()+1];

There is no delete for this allocation, neither for what was allocated before to pExecUrlInfo->pszUrl
So it looks like a potential memory leak. But maybe it's not? I am certainly not an ISAPI expert!



Thanks again,
Olivier



Coordinator
Jul 9, 2008 at 4:20 PM
Edited Jul 9, 2008 at 4:31 PM

Hi Olivier,

Finally someone to ask about the code :)
1. Yes. It is safe to remove the else.
2. It is a local variable not a pointer and it will be disposed automatically when the scope is lost. If you see the SDK you will see code samples like this as well.

I am planing setting up a blog post to explain the code as I release the next version. Feel free to make as many question as you need. If you have a good contribution I would be glad to add to the solution.

 

Thanks,

 

Rodney