| December 29, 2014 | • Printing.exe has been updated: it accepts a regular expression pattern for the printer selection (/X:"regex"), and its output is now sorted by printer name (default), or printer status (/S:S), or by the number of queued print jobs (/S:J).
The command line switches /Quiet and /Verbose have been dropped (use >NUL 2&>1 to hide all output).• A bug in InputBox.exe has been fixed: if a timeout was specified, the program would return the unfiltered and unvalidated default answer when the timeout period expired, regardless of mask or regular expression; the new version returns the input entered so far, filtered and validated, with the appropriate errorlevel. • A minor bug in Which.exe has been fixed: when /F or /P is used, the program will no longer display (file version ) or (product version ) for files that don't have a FileVersion or ProductVersion property. |
||||||||||||||||||
| December 24, 2014 | • InputBox.exe has been updated: besides regular expression based filtering with its /R switch, it now also supports mask based input filtering with its new /M switch. |
||||||||||||||||||
| December 18, 2014 | • UpdateCheck.hta has been updated. Adding a new INI parameter DisplayName, to search the registry for program versions, forced me to rewrite part of the code, as it became too hard to maintain. I also fixed a bug where the HTA would not save all intermediate results in separate files; when fixed, my computer became so littered with these files that I also added an optional /DSWP switch to disable the fixed feature again.• ListProgs.bat is a helper batch file for UpdateCheck.hta's new DisplayName parameter: it lists all registry keys that have both DisplayName and DisplayVersion set, and of course these values themselves. |
||||||||||||||||||
| December 12, 2014 | • Which.exe has been updated: with the new optional command line switches /F and /P the File and Product version will be displayed for the result, if it is an external command. |
||||||||||||||||||
| December 10, 2014 | • Scott Sumner found a bug in the (not quite) "fool proof" input routine for SET /P: in a batch file, the redirection to NUL of FINDSTR's output caused the errorlevel to always equal 0.I modified the code, the check for the errorlevel is now done before FINDSTR's output is redirected to NUL.Thanks Scott |
||||||||||||||||||
| December 9, 2014 | • Eelco Ligtvoet found some bugs in ListIntCmd.exe:
Thanks Eelco |
||||||||||||||||||
| December 8, 2014 | • Which.exe has been updated: no more hard-coded list of internal commands, it now searches %COMSPEC% for that list (and uses the old hard-coded list only if it fails to get the list from %COMSPEC%).• ListIntCmd.exe has been updated:
Since ListIntCmd.exe's code is also used in other programs (BatCodeCheck.exe and Which.exe), I really appreciate Eelco's help. Thanks Eelco |
||||||||||||||||||
| December 7, 2014 | • ListIntCmd.exe, a spin-off of BatCodeCheck, is a new tool to list all available internal commands. Tested on my own Windows 7 system only, so far. |
||||||||||||||||||
| December 5, 2014 | • The C# Examples page has been restyled. Besides a new icon style, a new icon has been added for each program, opening the program's help text when clicked. • LoCase.exe and UpCase.exe have been updated: besides renaming files to all lower or all upper case, they can now also render redirected input to all lower or all upper case. Locase.exe ThisFile.Ext will rename ThisFile.Ext to thisfile.ext.DIR | UpCase.exe will show DIR's output in all upper case. |
||||||||||||||||||
| December 4, 2014 | • RxReplace.exe is a new, multi-line, regex based find and replace tool. • Which.exe has been updated: the new optional command line switch /C copies the result to the clipboard, and /E opens Explorer with the result selected, if and only if the result is a (single) file, i.e. an external command.• I added a command to list all internal commands to my Short Command Line Tips page: STRINGS %ComSpec% | RXGREP "[\n\r]CLS[\n\r][\w\W\n\r]*COMSPEC[\n\r]" | SORT | RXGREP "([A-Z]+[\n\r]+)+" | SORTTested on my own Windows 7 system only, so far. |
||||||||||||||||||
| November 28, 2014 | • UpdateCheck.hta has been updated. Several new command line switches and INI file parameters were added, and the program list (INI file) itself is now checked for updates too. Note that the new INI file parameters will not be recognized by UpdateCheck.vbs. |
||||||||||||||||||
| November 20, 2014 | • The new version 0.32 of BatCodeCheck went through a major reshuffle of command line switches. If you created batch files to run BatCodeCheck, modify those accordingly. BatCodeCheck now checks an environment variable %BatCodeCheck% for some default switches, like DIR does with %DIRCMD%.BatCodeCheck's new /I switch allows you to interactively modify the settings for the current "run"; this feature will be available in beta versions and future licensed versions of BatCodeCheck only. |
||||||||||||||||||
| November 15, 2014 | • The new version 0.30.5 of BatCodeCheck accepts two new optional command line switches: /S to split one-liners, and test each part as a separate command line; and /H to save the screen output to an HTML file. |
||||||||||||||||||
| November 10, 2014 | • I created a new page with known issues for BatCodeCheck. If you find any bugs, errors or unexpected results, please send the details to moc.eduowrednavbor@ofni . |
||||||||||||||||||
| November 8, 2014 | • BatCodeCheck has been added to UpdateCheck.hta's program list. | ||||||||||||||||||
| November 7, 2014 | • BatCodeCheck had several minor updates again: it now also tests for invalid command line switches of several internal commands, and for unescaped ECHOed parenthesis inside code blocks. | ||||||||||||||||||
| October 30, 2014 | • A tutorial on safely using SET /P to prompt for input has been added to the batch file Best Practices section.• BatCodeCheck now also tests for SET /P. |
||||||||||||||||||
| October 29, 2014 | • BatCodeCheck has been updated again: it now distinguishes between real errors (that do break your code) and bad practices (that may some day break your code). | ||||||||||||||||||
| October 28, 2014 | • BatCodeCheck has been updated: case sensitivity has been corrected and several new tests for some common errors were added. | ||||||||||||||||||
| October 22, 2014 | • I added a page on batch file best practices to this site: DOs and DON'Ts When Writing Batch Files. • I also added a page dedicated to BatCodeCheck. |
||||||||||||||||||
| October 13, 2014 | • Wolfgang Struensee also found a bug in DropDownBox.exe: it didn't resize the prompt correctly if the window height was specified. Besides, "\n" in the prompt string wasn't interpreted as a line break. Both isssues have been fixed in version 1.01. Thanks Wolfgang |
||||||||||||||||||
| October 12, 2014 | • Wolfgang Struensee found a bug in DateTimeBox.exe: it didn't handle unspecified (default) date/time display formats correctly. To fix the bug I changed the initial date and time patterns from String.Empty to CultureInfo.CurrentCulture.DateTimeFormat.ShortDatePattern and CultureInfo.CurrentCulture.DateTimeFormat.LongTimePattern.Thanks Wolfgang |
||||||||||||||||||
| October 9, 2014 | • BatCodeCheck.exe has been updated, it now finds unquoted %CD% "derivates" like %CD:~0,2% or %__CD__:\=/% too.• While testing the BatCodeCheck.exe update on my batch files I found another vulnerability in RoboMove.bat that previous tests had missed: unquoted %__CD__:~2% to extract the current path without drive.It is much safer to use FOR %%A IN (.\) DO SET Currentpath="%%~pA" instead.RoboMove.bat has been updated accordingly. |
||||||||||||||||||
| October 7, 2014 | • I had been pondering on a Batch Files Best Practices section for a while, and then the recent code insertion vulnerability disclosure made it clear I just had to add it, now! The first part discusses some solutions for the vulnerability in (unquoted) %CD%, plus command line input validation and a safer alternative. |
||||||||||||||||||
| October 2, 2014 | • The impact of the security code insertion vulnerability for batch files is probably a lot greater than just these few scripts that used unquoted %CD%, though these did pose the greatest risk.Unquoted parsing of command line arguments ( %1 etc.) also poses a risk, though in that case the arguments usually come from the current user, whereas, on a file server, the value of %CD% is the name of a directory created by just about anyone.Still, expect many updates of my existing batch files the next couple of weeks, and check your own batch files. I will implement more "best practice" warnings in BatCodeCheck.exe too. |
||||||||||||||||||
| October 1, 2014 | • A security vulnerability for "shell scripts" (batch files) has been disclosed: http://www.thesecurityfactory.be/command-injection-windows.html. In short, it warns against the use of unquoted %CD% because malicious users may abuse it to start unwanted programs by creating directories with ampersands in their names.I urge you to read the details in the link above and investigate your batch files for the use of unquoted %CD% (or %__CD__% for that matter, and don't forget !CD! and !__CD__! either).I have my work cut out for me... The disclosure includes a copy of my Own.bat for Windows 2000 to demonstrate vulnerable code. Note that the batch file used as a sample has been updated to prevent the vulnerability, but I left the vulnerable code in comments for learning purposes. • Now that I have to check many batch files for the code insertion vulnerability, I added a preliminary test for this vulnerability in BatCodeCheck.exe. • An automated test on 417 batch files out of the 993 (mixed) source files hosted on this website took just under 2 minutes, and discovered 9 affected files. I will investigate these files and update them if necessary.
• Alarmed by the code insertion vulnerability disclosure, I updated InputBox.exe:
|
page last modified: 2018-04-16; loaded in 0.0093 seconds
