PerlMonks
Re: (Ovid) Re: Is this CGI search secure?
by tachyon (Chancellor) on Jul 23, 2001 at 11:25 UTC ( [id://98929] )
Hi Ovid, I just supplied the bit I am worried about to keep it as short as possible and was just grepping a convenient perl file on my system. Yes to proof of concept. The @lines data just get munged and goes back to the browser with links to the found stuff so that is/should be fine. The get_data() routine is just your usual bread and butter Perl. As the user does not interact directly with it I did not think it necessary to be included. Here it is anyway.

My main worry was null byte; "\n..."; "/@file; `rm rf`; #" type hacks. These won't work but are there others? Oh the die_nice() prints the usual "Sorry the system can not respond to your request due to routine maintenance, please try again later." back to the browser and sends the admin the real message ;-)

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
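An added example (not tachyon's script or any code from this thread) showing how a search term and a filename can be allowlisted so the null byte, newline and backtick hacks listed in the post are rejected before anything reaches open() or a shell; the function names and the data directory path are assumptions.

```perl
use strict;
use warnings;

# Allowlist the search term: word characters, spaces and a little punctuation.
# Null bytes, newlines, ';', '|', '`', '@', '#' and friends all fail the match,
# so they are rejected rather than enumerated. The capture also untaints the
# value when the script runs under perl -T.
sub validate_term {
    my ($raw) = @_;
    return undef unless defined $raw;
    return undef if length $raw > 100;                 # keep the search bounded
    return undef unless $raw =~ /\A([\w .,'-]+)\z/;
    return $1;
}

# Hardened stand-in for a get_data() style file reader (assumed name and path):
# the file must be a bare name inside a fixed directory, and the three-argument
# open means the name can never be read as a pipe ('|') or a mode prefix.
sub read_data_file {
    my ($file) = @_;
    my ($name) = $file =~ /\A([\w.-]+)\z/
        or die "bad filename\n";
    die "bad filename\n" if $name =~ /\A\.\.?\z/;      # no '.' or '..'
    my $path = "/var/www/search/data/$name";           # assumed data directory
    open my $fh, '<', $path or die "open $path: $!\n";
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Search in Perl itself, never via a shell; \Q..\E makes any regex
# metacharacters in the term literal.
sub search_lines {
    my ($term, @lines) = @_;
    return grep { /\Q$term\E/ } @lines;
}

# Constructed probes covering the hack classes named in the post.
for my $probe ("perl monks", "foo\0bar", "a\nb", '/@file; `rm rf`; #') {
    (my $shown = $probe) =~ s/[\0\n]/?/g;            # printable for the report
    my $term = validate_term($probe);
    printf "%-24s => %s\n", $shown, defined $term ? "accepted" : "rejected";
}
```

Only the first probe is accepted; the other three fail the allowlist and never reach read_data_file() or search_lines().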
In Section: Seekers of Perl Wisdom