bcrowell2 has asked for the wisdom of the Perl Monks concerning the following question:
This web page gives the following example:
-
You should also continue to master Perl if you want to ensure security. For example, if alarm bells don't immediately go off in your head when you see something like this:
then you need to keep studying. The problem with this code is that when the match fails, $1 is left over from a previous match. This kind of code can be used as a security exploit, if the attacker can access the source code or have an idea that this is happening. It's code that ``looks right'' but definitely isn't. But isn't the use of the = sign, rather than =~, also incorrect?$input = /(\w+)/; my $keyword = $1;
|
---|
Replies are listed 'Best First'. | |
---|---|
•Re: = rather than =~ ?
by merlyn (Sage) on Jan 01, 2004 at 17:21 UTC | |
by pg (Canon) on Jan 01, 2004 at 20:15 UTC | |
by diotalevi (Canon) on Jan 01, 2004 at 23:01 UTC | |
Re: = rather than =~ ?
by jweed (Chaplain) on Jan 01, 2004 at 17:18 UTC | |
Re: = rather than =~ ?
by Anonymous Monk on Jan 01, 2004 at 17:17 UTC | |
by tachyon (Chancellor) on Jan 02, 2004 at 03:17 UTC | |
by ysth (Canon) on Jan 02, 2004 at 04:11 UTC | |
by Aristotle (Chancellor) on Jan 02, 2004 at 04:22 UTC | |
by Coruscate (Sexton) on Jan 02, 2004 at 05:43 UTC | |
by mrpeabody (Friar) on Jan 02, 2004 at 19:44 UTC | |
by Aristotle (Chancellor) on Jan 02, 2004 at 22:00 UTC | |
by BrowserUk (Patriarch) on Jan 02, 2004 at 20:31 UTC | |
Re: = rather than =~ ?
by SavannahLion (Pilgrim) on Jan 02, 2004 at 07:09 UTC | |
Re: = rather than =~ ?
by inman (Curate) on Jan 02, 2004 at 18:04 UTC |
Back to
Seekers of Perl Wisdom