in reply to Help make upload from web secure
Just a quick comment- when you're writing CGI programs, it's a really good idea to use the -T command-line switch to enable taint checking:
- robsv
Searching for "taint" here on Perl Monks will yield some good information. In terms of a regex to do some checking for you, The Camel ("Programming Perl", third edition) offers many suggestions in Chapter 23 ("Security"). Here's an example from the book that checks that $string contains only "word" characters:#!/usr/bin/perl -Tw
if ($string =~ /^([-\@\w.]+)$/) { $string = $1; } else { die "Bad data in $string"; }
- robsv
|
---|
In Section
Seekers of Perl Wisdom