Powershell variable help
-
@Pete-S said in Powershell variable help:
@DustinB3403 said in Powershell variable help:
@Pete-S right, there really isn't a great way to fix it and have the ps1 still be flexible for the types of cases one might expect to see.
This is part of the line where you set up a search on the subject line using the string the user entered:
-ContentMatchQuery ("Subject:" + "$SubjectLine")
The search query should be formatted according to KQL, Keyword Query Language.
https://docs.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference
What you are doing is just passing the user input to the query but it has to be sanitized before you can do that. Or a user could enter KQL keywords inside the search and it would mess everything up. That's why you have a problem I believe.
To sanitize user input you have to decide what you want the user to be able to enter and what not.
For instance should the user be allowed to enter wildcards (*) in the query? International characters?
-
@Pete-S That is going to be completely subjective based on the type of spam that might come in.
I follow what you're saying but I'm kind of stuck between having something functional or not (due to this).
-
@DustinB3403 said in Powershell variable help:
@Pete-S That is going to be completely subjective based on the type of spam that might come in.
I follow what you're saying but I'm kind of stuck between having something functional or not (due to this).
Well, you need to decide what you are allowing and not. For instance you have already decided to just use the subject line and not any of the other parts of the email, for instance author.
You need to run the string through regex or something like that to remove characters you are not allowing. It might take more than one string operation to sanitize. I think you can escape any special character you want to allow with backtick `.
Another option would be to allow the user to enter the entire KQL query themselves.
Also if you get an error when trying to apply the search you put out an error "Invalid search input!" and go back to prompt the user for input again. That would be one way to solve problems.
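
One way to do the clean-up discussed in this thread, as an added example that is not code from either poster: an allowlist pass over the entered subject, then a quoted KQL phrase for `-ContentMatchQuery`. The function name `ConvertTo-SubjectQuery`, the allowed character set, the length limit and the trailing-wildcard switch are assumptions, and the sample inputs are constructed.

```powershell
# Added example: allowlist-based clean-up of a subject string before it is
# placed in a KQL property restriction. Name and limits are assumptions.
function ConvertTo-SubjectQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$SubjectLine,
        [switch]$AllowTrailingWildcard,
        [int]$MaxLength = 200
    )

    $text = $SubjectLine.Trim()

    # Remember whether a prefix match was requested; every '*' is removed below
    # and only a single trailing one is put back.
    $wildcard = $AllowTrailingWildcard -and $text.EndsWith('*')

    # Allowlist: Unicode letters, marks and digits (covers international
    # characters), spaces and a few punctuation marks common in subjects.
    # Everything else (quotes, parentheses, colons, '*', '=', '<', '>')
    # becomes a space.
    $text = [regex]::Replace($text, "[^\p{L}\p{M}\p{N} .,!?'_-]", ' ')
    $text = [regex]::Replace($text, '\s+', ' ').Trim()

    if ($text.Length -eq 0 -or $text.Length -gt $MaxLength) {
        return $null   # caller reports "Invalid search input!" and prompts again
    }
    if ($wildcard) { $text += '*' }

    # Quoting makes the value a single phrase, so words such as AND, OR, NOT
    # in the subject are matched as text rather than read as operators.
    return 'Subject:"' + $text + '"'
}

# Constructed sample inputs, not taken from the thread.
$samples = 'Invoice overdue', 'You won" OR From:*', 'Rechnung für März', 'Urgent pay*', '"()'
foreach ($s in $samples) {
    $q = ConvertTo-SubjectQuery -SubjectLine $s -AllowTrailingWildcard
    if ($null -eq $q) { Write-Warning "Invalid search input! ($s)" }
    else { Write-Output $q }
}
```

In the script, the returned string would replace `("Subject:" + "$SubjectLine")`, with the `Read-Host` prompt repeated while the function returns `$null`.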