Nice! I would like to see what your comments are about 90% of the other 'anti-leech' scripts out there. None of the scripts that I have seen have any taint checking nor 'use strict.'
What problem exactly were you trying to solve again?
The problem I want to solve is to stop other sites from using my bandwidth; they can link to my images, or zip files from their site, hence using my bandwidth for downloading files. This is not an 'authorization' issue. I also cannot use an Apache module since I do not have root access because my ISP is rather strict about who gets root access.
These two lines form the 'gatekeeper' aspect of the sub:
my $remote = remote_host();
return(0) unless grep /$remote/, @$hosts;
...reverse DNS lookup, I hadn't thought of that. I think what you're getting at is that I have to 'untaint'
$remote.
my $remote = remote_host();
# a domain or an ip can be letters or numbers seperated
# with '.' and there must be at least one char followed
# by a '.' with at least one char following
$remote =~ /([A-Za-z0-9\.]*[A-Za-z0-9]+\.[A-Za-z0-9]+)/;
return (0) unless length($remote) > 3;
return (0) unless grep /$remote/, @$hosts;
...I haven't tested this yet, but am I on the right track?
--
hiseldl
What time is it? It's Camel Time!