Tainting Untainting
I am trying to write code that ensures safe input from a form.
This is what I have come up with after a few days of study...
Being that I am a beginner at this I am sure it is quite incomplete,
but I don't know how.
Help? Ideas? Pointers?
Thanks
Lou
#!/usr/bin/perl -T
use strict;
use warnings;

# Takes one raw form value, returns a cleaned, untainted copy (or calls FailPage)
sub clean_value {
    my ($value) = @_;

    # chomps \n's
    $value =~ s/\n//g;

    # deletes embedded HTML comments - Security measure to prevent subverting
    # server side includes (/s lets . match newlines; *? stops at the first -->)
    $value =~ s/<!--.*?-->//gs;

    # Filters out everything not in this list: a-z A-Z 0-9 . _ @ - and space
    # ('-' is last in the class so it is a literal; written as .-_ it was the
    # range from '.' to '_', which let / : ; < = > ? [ \ ] ^ through)
    $value =~ s/[^a-z0-9._@ -]//ig;    # i=ignore case  g=all occurrences

    # Check for email address. If an @ appears, split and reconstitute as an
    # email address. Only the captures ($1, $2) untaint the value under -T;
    # s/// on its own never does.
    if ($value =~ m/^\s*(\S+)\@([\w.-]+)/) {
        $value = "$1\@$2";
    }

    # delete leading dashes (so the value cannot be read as a command option)
    $value =~ s/^-+//;

    # delete commands system, exec & unlink
    if ($value =~ m/system|exec|unlink/i) {
        # FailPage is the poster's own error-page routine, defined elsewhere
        FailPage("Unsafe verbiage is being used.<BR>Do not use the phrase \"$value\"");
    }

    # Untaint the filtered non-email value the same way: capture it back out
    # of a match against the whitelist. After the s/// above this always matches.
    ($value) = $value =~ m/^([a-z0-9._@ -]*)$/i;
    return $value;
}
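The post's approach strips disallowed characters and then relies on a capture to clear the taint flag. The script below is an added example, not code from Lou's post; it shows the part that -T actually enforces, namely that s/// never untaints and only a successful match with captures does, and it takes the stricter accept-or-reject route instead of stripping (stripping turns `system("id")` into the innocent-looking token `systemid`). The helper names `untaint_email` and `untaint_token`, the address grammar, and the sample inputs are all assumptions made for the example; the inputs are constructed and are tainted by appending an empty slice of `%ENV`, which perl -T marks as tainted.

```perl
#!/usr/bin/perl -T
# Added example (not from the post): accept-or-reject untainting under -T.
# Run as:  perl -T untaint_demo.pl   (perl refuses a -T shebang without -T
# on the command line: "Too late for -T")
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: returns (1, $clean) for a well-formed address and
# (0, undef) otherwise. Only the captures of a successful match produce an
# untainted value; trimming or stripping with s/// leaves the taint flag set.
sub untaint_email {
    my ($raw) = @_;
    return (0, undef) unless defined $raw;
    $raw =~ s/^\s+|\s+$//g;    # trim; does NOT untaint

    # local part: letters, digits, . _ + -  (1-64 chars)
    # domain: one or more labels, alphanumeric with inner dashes, then a TLD
    if ($raw =~ /^([A-Za-z0-9._+-]{1,64})
                  \@
                  ((?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,63})$/x) {
        return (1, "$1\@$2");
    }
    return (0, undef);
}

# Hypothetical helper for a plain text field: one token of word characters,
# 1-40 long, or undef. Same principle: whitelist, capture, never "clean up".
sub untaint_token {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /^\s*([A-Za-z0-9_]{1,40})\s*$/ ? $1 : undef;
}

# Constructed sample inputs. Appending an empty slice of %ENV marks each one
# tainted (if PATH happens to be unset the demo still runs, just untainted).
my $taint   = substr($ENV{PATH} // '', 0, 0);
my @samples = (
    'lou@example.org',
    '  -rf /; system("id")@evil.example',
    'lou@example.org<!--#exec cmd="id"-->',
    'lou@-example.org',
);

for my $raw (map { $_ . $taint } @samples) {
    my ($ok, $clean) = untaint_email($raw);
    printf "%-40s -> %-18s  tainted in: %d  tainted out: %s\n",
        $raw,
        $ok ? $clean : 'REJECTED',
        tainted($raw) ? 1 : 0,
        $ok ? (tainted($clean) ? 1 : 0) : '-';
}

# A value that merely had bad characters stripped is still tainted, which is
# why a strip-only filter still dies at the first system() or open() under -T.
my $stripped = $samples[1] . $taint;
$stripped =~ s/[^A-Za-z0-9.@_-]//g;
printf "stripped copy %-28s tainted: %d\n", "'$stripped'", tainted($stripped) ? 1 : 0;
```

The first sample comes back clean and untainted; the other three are refused outright rather than being reduced to something that merely looks harmless. The closing lines show the trap the original post walks into: after the whitelist s///, `$stripped` reads as an address but is still tainted, and perl will refuse to pass it to a shell, `open`, or `unlink` until a match with captures has been applied to it.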