Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

RE: CGI Security and the null byte problem

by extremely (Priest)
on Oct 26, 2000 at 10:39 UTC ( #38560=note: print w/ replies, xml ) Need Help??

in reply to CGI Security and the null byte problem

You left out a simple example or two on how to specify what you will allow. So, Allow me =)

my $file = $cgi->param( 'file' ); my $data; # # One way # $file =~ s#[^A-Z0-9a-z.]+##g; #strip down to alphanum and period # can change the meaning of what people post. $file =~ m#(.*)#; #evil evil evil if you haven't striped. $data = $1 || ""; #not really necessary to have alternate, nice tho. # # Alternate way # $file =~ m#([A-Z0-9a-z.]+)#; #grab first good chunk. # can potentially ignore a lot of data and boggle the user $data = $1 | ""; #you really want this now, match can fail. # # My "best" way # die "Eeeek! Evil data sent to the 'file' parameter!\n" if ($file =~ m#[^A-Z0-9a-z.]#); #now use the first method above to detaint anyway...

$you = new YOU;
honk() if $you->love(perl)

Comment on RE: CGI Security and the null byte problem
Download Code

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://38560]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (8)
As of 2015-11-25 07:00 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (671 votes), past polls