comment on

You don't need a shell for a nul to be a security problem. See (tye)Re: CGI OO 'param' vs. hash.

As for the PerlMonks issue, I don't see a whole lot of point in having nul bytes in PM URLs be treated nicely. I doubt they can be supported in the underlying database so they have no use so why shouldn't they give you a useless page?

So long as they are detected and prevented from doing damage, I'm happy (I'm not sure that they are being detected but it certainly could be that the nul detector just dies and that triggers the 500 error, which is fine with me).

- tye (but my friends call me "Tye")

In reply to (tye)Re: %00 causes server error by tye
in thread %00 causes server error by Anonymous Monk

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Your skill will accomplish what the force of many cannot
	PerlMonks