So we all know that just about any batch file can become hacked by typing in "&call LeetBatchFileToGiveMeAllTheHackingPower.bat" whenever it prompts you with input.
SANITIZE.EXE fixes this, by doing the following:
1) getting the user input
2) removing all instances of "&" and "%"
3) storing it in a file
Then after that, you can just read the first line from the file and see what you get.
========================
DOWNLOAD IT:
========================
SOURCE CODE:
SANITIZE.EXE - Sanitize user input and prevent code injection
Re: SANITIZE.EXE - Sanitize user input and prevent code injection
I am afraid I don't understand the purpose of this program. If the idea is to avoid the problems that may happen when the user input is expanded via %standard% expansion, just use !delayed! expansion instead...
Antonio
Re: SANITIZE.EXE - Sanitize user input and prevent code injection
Aacini wrote: I am afraid I don't understand the purpose of this program. If the idea is to avoid the problems that may happen when the user input is expanded via %standard% expansion, just use !delayed! expansion instead...
Antonio
Oh...
My bad...
I mean I guess it has some use when not using setlocal enabledelayedexpansion but...
oh well.
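The delayed expansion approach suggested in the reply above, as an added example that is not part of any post in this thread. The variable name `answer`, the prompt text and the output file name are assumptions. The pattern it replaces is `echo Hello %answer%`, where the input is substituted into the line before the line is parsed.

```batch
@echo off
rem Added example: variable name, prompt and file name are hypothetical.

rem Keep delayed expansion off while reading, so set /p stores the text
rem exactly as typed (including any ! characters). Nothing is executed here.
setlocal DisableDelayedExpansion
set "answer="
set /p "answer=Enter a name: "
if not defined answer (
    echo No input given.
    exit /b 1
)

rem Turn delayed expansion on only after the value is stored.
rem !answer! is substituted after cmd.exe has already split the line into
rem commands, so characters such as ^& ^| ^< ^> in the input stay plain data.
setlocal EnableDelayedExpansion

rem Display the value.
echo Hello !answer!

rem Compare the value. The quotes and == are parsed before the substitution,
rem so spaces or quotes inside the input do not change the comparison.
if /i "!answer!"=="admin" echo That name is reserved.

rem Store the value in a file, as the original post does, without removing
rem any characters from it. echo( also copes with input such as "on" or "/?".
>"%TEMP%\answer.txt" echo(!answer!

endlocal
endlocal
exit /b 0
```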