
(tye)Re: CGI OO 'param' vs. hash

by tye (Sage)
on Jul 10, 2001 at 01:34 UTC ( #95173=note )

in reply to Re: (Ovid) Re(4): CGI OO 'param' vs. hash
in thread CGI OO 'param' vs. hash

No, you don't need a shell for nul bytes to be a security problem. Lots of C APIs won't handle nul bytes. For example: open( X, "> test\0me.txt" ) will succeed and will create a file called simply "test".

And if you want to send something to a shell, you need to decide what characters to allow, rather than what characters to not allow. /(\w[-\w.]*)/ is a good, generic starting point.

        - tye (but my friends call me "Tye")
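
An added example, not part of tye's post: one way to use the allow-list pattern above as a whole-value check on a CGI-supplied file name. The helper name `safe_name`, the `\A`/`\z` anchors, the `/a` flag and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: allow-list validation of a file name before it reaches
# open() or a shell. Requires Perl 5.14+ for the /a regex flag.
use 5.014;
use strict;
use warnings;

# Hypothetical helper. Returns the captured (untainted) name, or undef.
sub safe_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # The post's pattern, anchored so the WHOLE value must match.
    # Unanchored, it would capture "test" out of "test\0me.txt" and the
    # caller could mistake that for a successful validation.
    # \z (unlike $) refuses a trailing newline; /a limits \w to ASCII.
    return $raw =~ /\A(\w[-\w.]*)\z/a ? $1 : undef;
}

# Constructed sample inputs.
my @samples = (
    "report.txt",
    "a-b_c.1",
    "test\0me.txt",     # embedded NUL: a C API would stop at "test"
    "../etc/passwd",    # path separators and leading dot
    "name;echo x",      # shell metacharacter and space
    "notes.txt\n",      # trailing newline that $ would let through
    "-rf",              # leading dash, could be parsed as an option
);

for my $raw (@samples) {
    # Show non-printable bytes as \xNN so the NUL and newline are visible.
    (my $shown = $raw) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    my $ok = safe_name($raw);
    printf "%-20s %s\n", qq{"$shown"},
        defined $ok ? "accept as '$ok'" : "reject";
}
```

Only the first two samples are accepted. The leading `\w` in the pattern is what rejects `-rf` and `../etc/passwd` before any later character is examined.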
