Re: Controlling Inputted Paths in a CGI Script


go ahead... be a heretic
	PerlMonks

Re: Controlling Inputted Paths in a CGI Script

by monkfish (Pilgrim)

on Oct 31, 2001 at 18:50 UTC ( [id://122348]=note: print w/replies, xml )

Need Help??

in reply to Controlling Inputted Paths in a CGI Script

If you want to accept all valid paths and file names and avoid anything unsafe you'd need to do something more complicated like split on the / and check each element individually.

However if you are willing to say, "I don't care about all legal file names", my files will be limited to alphanumeric, underscore, space, dash, slash and dot. (Which seems reasonable). Then remove everything else and eliminate multiple dots.

$file =~ s@[^\w/. -]@@g;
$file =~ s/\.+/./g;
[download]

-monkfish (The Fishy Monk)

Comment on Re: Controlling Inputted Paths in a CGI Script Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://122348]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others lurking in the Monastery: (3)

As of 2024-04-25 09:25 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found