Taint Mode

Thanks for the suggestion. I've untainted my input.

I never use taint mode because I don't maintain a public http server (all my scripts are single-user only and behind a firewall), but I guess that doesn't really help other people who download my code and have it exploited. Please let me know if you think there's still a problem.

-the Pedro Picasso
(sourceCode == freeSpeech)

Comment on Taint Mode

Replies are listed 'Best First'.
(MeowChow) Re: Taint Mode by MeowChow (Vicar) on Apr 04, 2002 at 06:53 UTC
I think you're permitting too much. I'd write: `($node) = $node =~ /\w{1,32}/g;` [download] Remember. Be paranoid. They are out to get you :) MeowChow s aamecha.s a..a\u$&owag.print	[reply] [d/l]
What's in a name? by Pedro Picasso (Sexton) on Apr 05, 2002 at 03:54 UTC
I limited size between 1 and 32 as per your example, but I can't let go of my limited punctuation. Do you know where I can find the ext2 filesystem specifications for filenames? -the Pedro Picasso (sourceCode == freeSpeech)	[reply]
(MeowChow) Re: What's in a name? by MeowChow (Vicar) on Apr 05, 2002 at 06:17 UTC
Ext2 is very lenient, allowing for any character except except for NULL and "/" in a filename. I still recommend that you lose the punctuation. MeowChow s aamecha.s a..a\u$&owag.print	[reply]


Pathologically Eclectic Rubbish Lister
	PerlMonks