
SECURITY RISK

by Anonymous Monk
on May 09, 2000 at 22:32 UTC ( [id://10840]=note )



in reply to How to get into $ENV{'QUERY_STRING'}?

Hi,

You need to parse your string for ssl commands:
$var =~ s/ < ! - - ( . | \ n ) * - - >//g;
Don't include all the spaces in between < ! and so on until - >.

Replies are listed 'Best First'.
RE: SECURITY RISK
by merlyn (Sage) on May 09, 2000 at 23:34 UTC
    There's no security risk here in most systems, because the output of CGI is not generally parsed for SSI. Methinks you have a hair-trigger on that. :)

    Even having said that,

    $var =~ s/ < ! - - ( . | \ n ) * - - >//g;
    is poor performing code. You want something like this instead:
    $var =~ s/<!--.*?-->//gi;
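
Added example, not part of the thread or of either poster's code: a Perl script that runs the two substitutions above (the first with its spaces removed, as its poster instructs) over constructed inputs and reports where a filter leaves an SSI directive in place or deletes text between two comments. The third filter, with the /s modifier, and all sample strings are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Three comment-stripping filters. The first two are the substitutions from
# the thread; the third adds /s and is an assumption of this example.
my %filters = (
    'greedy (.|\n)*' => sub { my $s = shift; $s =~ s/<!--(.|\n)*-->//g; $s },
    'lazy .*?'       => sub { my $s = shift; $s =~ s/<!--.*?-->//gi;    $s },
    'lazy .*? + /s'  => sub { my $s = shift; $s =~ s/<!--.*?-->//gis;   $s },
);

# Constructed inputs standing in for a decoded QUERY_STRING value.
my %inputs = (
    'single-line directive' => 'a<!--#echo var="DATE_LOCAL" -->b',
    'two comments'          => 'a<!-- x -->KEEP<!-- y -->b',
    'multi-line directive'  => "a<!--#echo\nvar=\"DATE_LOCAL\" -->b",
);

for my $in (sort keys %inputs) {
    print "$in\n";
    for my $name (sort keys %filters) {
        my $out = $filters{$name}->($inputs{$in});

        # Classify the result:
        #  - an opener still present means the filter missed the directive
        #    (without /s, "." does not match a newline);
        #  - KEEP missing means a greedy match ran from the first opener to
        #    the last closer and swallowed the text in between.
        my $verdict = 'ok';
        if ($out =~ /<!--/) {
            $verdict = 'directive survives';
        }
        elsif ($inputs{$in} =~ /KEEP/ && $out !~ /KEEP/) {
            $verdict = 'legitimate text lost';
        }

        (my $shown = $out) =~ s/\n/\\n/g;    # make newlines visible
        printf "  %-16s => %-36s %s\n", $name, "'$shown'", $verdict;
    }
}
```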
