Re: First Time Untainting Data
by Abigail-II (Bishop) on Oct 10, 2003 at 15:39 UTC ( [id://298286]=note )
Two things: first, your untaint function isn't untainting
the data. Removing parts from a tainted string doesn't make
it untainted. Match (in parens) what you allow, and use that
($1) - that will be untainted. See the perlsec manual page.
But looking at the rest of the program, I don't think you are doing anything that isn't insecure.

Abigail
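
The difference between stripping characters and capturing an allow-listed match, as an added example that is not part of the original post or of the program under discussion. The function names `strip_untaint` and `capture_untaint`, the allowed character set and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Hypothetical "remove the bad parts" approach: the substitution edits a
# tainted string in place, so the result is still tainted.
sub strip_untaint {
    my ($s) = @_;
    $s =~ s/[^\w.\-]//g;
    return $s;
}

# Hypothetical allow-list approach: anchor the pattern, capture what is
# permitted, and return $1. Only the captured value is untainted; input that
# does not match as a whole is rejected (undef) rather than repaired.
sub capture_untaint {
    my ($s) = @_;
    return $s =~ /\A([\w.\-]+)\z/ ? $1 : undef;
}

# Constructed sample inputs. Appending a zero-length slice of $^X (which is
# tainted under -T) taints each string without changing its contents.
my $taint  = substr($^X, 0, 0);
my @inputs = map { $_ . $taint } ('report_2003.txt', 'report.txt; rm -rf /');

for my $in (@inputs) {
    my $stripped = strip_untaint($in);
    my $captured = capture_untaint($in);

    printf "input    %-24s tainted=%s\n", "'$in'", tainted($in) ? 'yes' : 'no';
    printf "stripped %-24s tainted=%s\n", "'$stripped'",
        tainted($stripped) ? 'yes' : 'no';
    if (defined $captured) {
        printf "captured %-24s tainted=%s\n", "'$captured'",
            tainted($captured) ? 'yes' : 'no';
    }
    else {
        print "captured (rejected: input does not match the allow-list)\n";
    }
    print "\n";
}
```

The capture only launders taint when `use re 'taint'` is not in effect, and an unanchored or overly permissive pattern untaints the data without validating it.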