Hi monks!!
I'm use unfortunatly IIS and when I'have started my cgi on this platform I have discovered the Too late for -T switch.. and I have read the wonderful post Alternatives to Taint Checking? and with the following code I try to resolve this deficency:
Could some wise monk review this ??
#!perl -w<P>
use CGI qw/:all -nph/;
$POST_MAX=100;
$DISABLE_UPLOAD=1;
$q=new CGI;<P>
#et cetera..<P>
$pattern=qr/(\w-]+\.){2,5}[a-zA-Z]{2,4}\b)/;
$good_param_qs=&taint_param('qs',$pattern );<P>
#do staff with almost-tainted param qs...............<P>
sub taint_param()
{
$parametro=shift;
$matching=shift;
if ($q->param($parametro)=~/($matching)/){return $1}
else{print"Invalid parameter!\n\n";return undef}
}
greetings from sunny Roma
Lorenzo*