 
PerlMonks  

(tye)Re: CGI OO 'param' vs. hash

by tye (Sage)
on Jul 10, 2001 at 01:34 UTC ( [id://95173]=note )


in reply to Re: (Ovid) Re(4): CGI OO 'param' vs. hash
in thread CGI OO 'param' vs. hash

No, you don't need a shell for nul bytes to be a security problem. Lots of C APIs won't handle nul bytes. For example: open( X, "> test\0me.txt" ) will succeed and will create a file called simply "test".

And if you want to send something to a shell, you need to decide what characters to allow, rather than what characters to not allow. /(\w[-\w.]*)/ is a good, generic starting point.

        - tye (but my friends call me "Tye")
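
The allow-list approach from the post above, as an added example that is not part of tye's post. It compares what the unanchored pattern captures with an anchored whole-string check; the helper name `safe_token`, the `/a` modifier (Perl 5.14+) and the sample inputs are assumptions made here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return the value only if the WHOLE string is one
# safe token, otherwise undef. \A and \z anchor to the real start and end
# ("$" would still accept a trailing newline); /a keeps \w ASCII-only.
sub safe_token {
    my ($value) = @_;
    return undef unless defined $value;
    return $value =~ /\A(\w[-\w.]*)\z/a ? $1 : undef;
}

# What the unanchored pattern from the post extracts from the same input:
# always a safe token, but possibly not the name the caller sent.
sub first_token {
    my ($value) = @_;
    return $value =~ /(\w[-\w.]*)/a ? $1 : undef;
}

# Constructed sample inputs, as they might arrive in a CGI parameter.
my @samples = (
    "report.txt",
    "test\0me.txt",      # embedded nul byte
    "notes.txt\n",       # trailing newline
    "../etc/passwd",     # path separators
    "a b;c",             # whitespace and a shell metacharacter
    "-rf",               # leading dash would read as an option
);

for my $in (@samples) {
    # Escape non-printable bytes so the nul and newline are visible.
    (my $shown = $in) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    my $whole = safe_token($in);
    my $first = first_token($in);
    printf "%-18s whole-string: %-10s first-token: %s\n",
        qq{"$shown"},
        defined $whole ? $whole : 'rejected',
        defined $first ? $first : 'none';
}
```

For `"test\0me.txt"` the whole-string check rejects the value, while the first-token capture yields `test`, the same name the post says the C-level open would have created.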
