theming – Escaping CSS digits, 0 is removed from CSS aggregated files

The following HTML markup won’t work on a production site.

<div class="iconleft 109">TEXT</div>

This is the code in the custom.css file.

.iconleft.31 09,
.iconleft.31 12,
.iconleft.31 10,
.iconleft.31 11,
.iconleft.31 20 {
  background: #B0CD00;
}

.iconleft.31 09 works on localhost with xampp and no aggregation. On the production site, where Advanced CSS/JS Aggregation is activated, it wont work for 109.

In the aggregated CSS file, I see .iconleft.31 9 as CSS class. It seems that 0 has been removed.

Do you have any hint?

theming – Escaping CSS digits – Drupal removes 0 from css aggregated file

the following css code wont work on production site:

<div class="iconleft 109">TEXT</div>

Thats the code in my custom.css file

.iconleft.31 09,
.iconleft.31 12,
.iconleft.31 10,
.iconleft.31 11,
.iconleft.31 20 {
  background: #B0CD00;
}

.iconleft.31 09 works on localhost with xampp and no aggregation.

On prodction site where Advanced CSS/JS Aggregation is activated it wont work for 109!

In the aggregated css file i see the following class: .iconleft.31 9

It seems that 0 is removed.

Any hints? Thank you!

Escaping strings containing single quotes in PowerShell

How can i replace/escape the single quote in the name cai.o'dowd as its causing errors string is

i:0#.f|membership|cai.o'dowd_hod.com#ext#@xyz.onmicrosoft.com

Currently i’m doing the below and filtering based on userprinciplename

ObjectuserId = (Get-AzureADUser -Filter "UserPrincipalName eq '$($User.LoginName.replace('i:0#.f|membership|',''))'").ObjectId

Any ideas how i can do this in PowerShell? I would also like to check if the field is null before processing it.

Short bash script to join arguments with dashoption, escaping quotes and $ dollar sign

So I got this short awk invocation wrapped in a bash script. unfortunately the bash script is kinda unreadable. Do you have any pointers?

#!/bin/bash
action="printf "$1 " $1 " ""
awk {"$action"} $2

Invoking it like this joinargs -s tmp if the tmp file looks like:

a
bb
ccc

would create this output -s a -s bb -s ccc and it’s useful when assembling commands

security – Sanitizing comments or escaping comment_text()

After thinking about this a little bit, I guess that the proper way to ensure that your comments are properly escaped, is by doing something like this:

$the_comment = get_comment_text();
echo '<p>' . esc_html($the_comment) . '</p>'; 

Instead of simply using the function like this:

comment_text();

Why even have these handy functions in the first place, if they aren’t properly escaped? The comment_author(); function IS, yet this is not for some reason?

Perhaps I am missing something?

rar – unrar files without escaping none ascii characters in heroku

When i want to unrar some files that contains none ascii characters it corrupts the filename and replace the word with ?

Original filename: El Cártel.Want-of-Opportunity.2009.DVDRip.XviD-MoH.srt

enter image description here

And after i get the list of the current files it becomes :

enter image description here

I’m using this buildpack to work with unrar in heroku: https://github.com/hasibulkabir/heroku-buildpack-rarlab

magento2 – Wysiwyg widget escaping character

I’ve created a widget with a wysiwyg inside it (with the class from this module DmatthewWidgetParametersBlockAdminhtmlWidgetTypeWysiwyg)

BUT

When I’m adding my content, with the strong, underline or other html tag, it’s working fine.

But if I change the color (it’s adding a span) with style=”color:blue”, the quote from the style is cutting my content.

Is there a way to prevent it ?

    public function prepareElementHtml(MagentoFrameworkDataFormElementAbstractElement $element)
{
    $editor = $this->factoryElement->create('editor', ('data' => $element->getData()))
        ->setLabel('')
        ->setForm($element->getForm())
        ->setWysiwyg(true)
        ->setConfig(
            $this->wysiwygConfig->getConfig((
                'add_variables' => false,
                'add_widgets' => false,
                'add_images' => false
            ))
        );

    if ($element->getRequired()) {
        $editor->addClass('required-entry');
    }

    $element->setData(
        'after_element_html', $this->_getAfterElementHtml() . $editor->getElementHtml()
    );
    $element->setValue(''); // Hides the additional label that gets added.

    return $element;
}

linux – Shell escaping vs. /etc/sudoers. What’s the difference?

I am trying to grasp some basic principles of security in Linux (I used Centos 8.0 and Kali 2020 in the example below).

I found that providing you have an account in a particular system that is in the /et/sudoers and its entry is ALL=(ALL) you can execute every command with sudo.
Having said that, we can use less with sudo to list say some log file in /var/log

sudo less /var/log/<some log file here>

once listed we might type !sh inside the less which will give us root console. To the best of my knowledge, this is a post-exploitation technique known as shell escaping.

My question is what’s the point of escaping the shell since my account already has capability to run commands with sudo, I mean isn’t this the same. Does me receiving this root shell inside the less command give me any more privileges that I can use to further compromise a system? And if it does, can we say in the /etc/sudoers that my account can execute all commands with it except less for instance?

context sensitive – Is escaping a concept in CS?

I understand “escaping data” as making an exception when matching data; for example, if a program can’t match data wrapped in single and/or double quotes without an exception, than we make an exception, “escaping” such characters to be matched.

Is escaping a concept in CS?
Is it “part of how any computer would work” or just a technical implementation in human-developed programming languages?