Re: taint check that I thought worked

by welchavw (Pilgrim)
on Feb 02, 2004 at 17:04 UTC (#325912)


in reply to taint check that I thought worked

I think you want \Z, not \z. Also, you want {1,16}, not {1-16}.

,welchavw


Re: Re: taint check that I thought worked
by ysth (Canon) on Feb 02, 2004 at 17:18 UTC
    \Z (upper-case) matches either at the end of the string or just before a newline at the end of the string (just like $ normally does; but $'s behaviour changes with the /m flag, \Z always stays the same).

    \z (lower-case) matches only at the end of the string, and is probably what he (assuming for the moment that "punk" implies "male") wants.

      In this case, I believe that \z and \Z would be equivalent, as \W chars (including \n's) are stripped just before the matching. Am I right?

        Yes; I had missed that part. So the function boils down to:
        print "failure" and return 1 if contains _ or more than 16 alphanumerics otherwise return alphanumerics.
        I suspect the _ and return 1 parts are unintentional, and the function would be better as:
        sub untaint_username {
            my $tainted = shift;
            # remove non-alphanumerics
            $tainted =~ y/a-zA-Z0-9//cd; # or s/[\W_]//g
            # must be 1-16 characters
            return "$1" if $tainted =~ /\A(.{1,16})\z/;
            print "failure\n";
            return;
        }
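
An added example, not part of the thread or any poster's code: it runs the same 1-16 alphanumerics check with $, \Z and \z over constructed inputs, first on the raw value and then after the non-alphanumeric strip used in the function above. The helper names show and verdict and all sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs; none of these come from the thread.
my @inputs = ("alice", "alice\n", "alice\nbob", "al ice!", "a" x 17);

# Same 1-16 alphanumerics check, differing only in the end anchor.
my @anchors = (
    [ '$',  qr/\A([a-zA-Z0-9]{1,16})$/  ],
    [ '\Z', qr/\A([a-zA-Z0-9]{1,16})\Z/ ],
    [ '\z', qr/\A([a-zA-Z0-9]{1,16})\z/ ],
);

# Render a string with its newlines visible (hypothetical helper).
sub show {
    my $s = shift;
    $s =~ s/\n/\\n/g;
    return qq{"$s"};
}

# Return "accept" or "reject" for $value against $re (hypothetical helper).
# With $strip true, non-alphanumerics are deleted before matching,
# as in the untaint_username function posted in the thread.
sub verdict {
    my ($value, $re, $strip) = @_;
    $value =~ y/a-zA-Z0-9//cd if $strip;
    return $value =~ $re ? "accept" : "reject";
}

for my $strip (0, 1) {
    print $strip ? "\nstrip, then match:\n" : "match the raw input:\n";
    for my $in (@inputs) {
        my @cols;
        push @cols, "$_->[0] " . verdict($in, $_->[1], $strip) for @anchors;
        printf "  %-20s %s\n", show($in), join("   ", @cols);
    }
}
```

On the raw input only the trailing-newline case separates the anchors; once the strip has run, no newline is left for them to disagree about, and the strip also turns inputs such as "al ice!" into accepted usernames.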
