bcrowell2 has asked for the wisdom of the Perl Monks concerning the following question:
This web page gives the following example:
-
You should also continue to master Perl if you want to ensure security. For example, if alarm bells don't immediately go off in your head when you see something like this:
then you need to keep studying. The problem with this code is that when the match fails, $1 is left over from a previous match. This kind of code can be used as a security exploit, if the attacker can access the source code or have an idea that this is happening. It's code that ``looks right'' but definitely isn't. But isn't the use of the = sign, rather than =~, also incorrect?$input = /(\w+)/; my $keyword = $1;
Back to
Seekers of Perl Wisdom