Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

(MeowChow) Re: Is this CGI search secure?

by MeowChow (Vicar)
on Jul 23, 2001 at 11:13 UTC ( [id://98925]=note: print w/replies, xml ) Need Help??


in reply to Is this CGI search secure?

I don't see any security issues either, but I would recommend for the sake of efficiency that you place a /o modifier on your regex, unless you plan to run this under mod_perl.
  
my @lines = grep /\Q$find/io, @$data_ref;

[download]
You can also skip all the quotemeta and untainting rigamorole for $find, if using the above construct. Perl doesn't care about the taintedness of a variable interpolated into a regex, unless the var contains an eval-group and use re 'eval' is on, which taint mode will summarily ignore. 
   MeowChow                                   
               s aamecha.s a..a\u$&owag.print

Replies are listed 'Best First'.
Re: (MeowChow) Re: Is this CGI search secure?
by wine (Scribe) on Jul 23, 2001 at 12:34 UTC

    You might want to a look at this apachecon talk to see how you can safely use the /o modifier under mod_perl. Basically saying:

    eval q{my @lines = grep /\Q$find/io, @$data_ref;}

    would solve the /o modifier problem.

    b.t.w. this talk addresses many other good points that come in handy when programming for mod_perl

[reply]
[d/l]
      You're better off using the qr operator rather than evaling run-time code for this sort of thing (I'm surprised this wasn't mentioned in the ApacheCon talk):
        
      my $re = qr/\Q$find/i;
my @lines = grep /$re/, @$data_ref;

      [download]
         MeowChow                                   
               s aamecha.s a..a\u$&owag.print
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://98925]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (2)
As of 2024-04-19 20:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found