
•Re: Re: •Re: anti leech CGI

by merlyn (Sage)
on Oct 30, 2002 at 15:41 UTC


in reply to Re: •Re: anti leech CGI
in thread anti leech CGI

    my $remote = $ENV{REMOTE_ADDR};
    return(0) unless grep /$remote/, @$hosts;

No, because the point is that you're using a regex where you want an exact match, and it's not anchored either!

This is better:

    my $remote = $ENV{REMOTE_ADDR};
    return 0 unless grep $remote eq $_, @$hosts;

Wouldn't taint have caught this? He's trusting user-supplied data (DNS name) in an unsafe way.
No, because simply doing a regex match isn't considered "external" enough for tainted data to abort it.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
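
The difference between the two checks above, run side by side over a few addresses, as an added example that is not part of the original post. The allowlist, the client addresses and the sub names `allowed_regex` and `allowed_exact` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allowlist and client addresses (not from the original thread).
my $hosts   = [ '192.168.10.25', '10.0.0.10' ];
my @clients = ( '192.168.10.25', '2.168.10.2', '10.0.0.1', '172.16.0.9' );

# The check from the parent post: the client address is interpolated as an
# unanchored pattern, so it only has to occur somewhere inside an allowed
# host string. Each '.' in the address is also a regex wildcard here.
sub allowed_regex {
    my ($remote, $hosts) = @_;
    return ( grep { /$remote/ } @$hosts ) ? 1 : 0;
}

# The corrected check: plain string equality against each allowed host.
sub allowed_exact {
    my ($remote, $hosts) = @_;
    return ( grep { $remote eq $_ } @$hosts ) ? 1 : 0;
}

printf "%-16s %-6s %-6s\n", 'client', 'regex', 'eq';
for my $remote (@clients) {
    printf "%-16s %-6s %-6s\n",
        $remote,
        allowed_regex($remote, $hosts) ? 'allow' : 'deny',
        allowed_exact($remote, $hosts) ? 'allow' : 'deny';
}
```

Any row where the two columns disagree is a client that the regex version admits only because its address is a substring of an allowed entry.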
