Posted to dev@perl.apache.org by Stas Bekman <st...@stason.org> on 2002/04/16 04:54:44 UTC
Re: cvs commit: modperl/File File.pm
> + ($tmpfile) = $tmpfile =~ /^([^<>|;*]+)$/; #untaint
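Review bot: the character class on this added line is a denylist of only `<`, `>`, `|`, `;` and `*`, so the capture still accepts backticks, `$`, `&`, quotes, whitespace and newlines, and whatever it accepts comes out untainted. An allowlist of the characters a temp file path can legitimately contain would be a tighter untaint. The line also shows no check for a failed match, which leaves `$tmpfile` undefined, so the result should be tested before it is used.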
Doug, will this do the right thing on all platforms? I'm simply looking for
a similar solution to a bug in Cwd.pm to generically untaint a path.
Shouldn't '?\[\]' be in the forbidden set? These are all parts of the
wild chars set (at least in the shells that I know).
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
Re: cvs commit: modperl/File File.pm
Posted by Doug MacEachern <do...@covalent.net>.
On Tue, 16 Apr 2002, Stas Bekman wrote:
> > + ($tmpfile) = $tmpfile =~ /^([^<>|;*]+)$/; #untaint
>
> Doug, will this do the right thing on all platforms? I'm simply looking for
> a similar solution to a bug in Cwd.pm to generically untaint a path.
> Shouldn't '?\[\]' be in the forbidden set? These are all parts of the
> wild chars set (at least in the shells that I know).
wild chars sets won't do much good if a shell can't be spawned, which is
what ; and | prevent. the '*' probably doesn't need to be there. i
dunno, this has been the same for years. if there's a better "standard"
untaint expression, feel free to update it.
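The untaint expression discussed in this thread, run side by side with an allowlist over a few paths. This is an added example, not code from the thread or from mod_perl; `untaint_allowlist`, its pattern and the sample paths are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The expression from the commit: rejects only < > | ; *
sub untaint_denylist {
    my ($path) = @_;
    my ($clean) = $path =~ /^([^<>|;*]+)$/;
    return $clean;    # undef when the match fails
}

# Hypothetical allowlist alternative (an assumption, not from the thread):
# word characters, dot, slash and hyphen only, anchored with \A...\z so a
# trailing newline cannot slip past the end anchor.
sub untaint_allowlist {
    my ($path) = @_;
    my ($clean) = $path =~ m{\A([\w./-]+)\z};
    return $clean;    # undef when the match fails
}

# Constructed sample inputs covering the characters raised in the thread
# (; | ? [ ]) plus a few that neither message mentions.
my @samples = (
    "/tmp/upload_1234.tmp",
    "/tmp/a;b",
    "/tmp/a|b",
    "/tmp/a?b[0]",
    "/tmp/a`date`",
    "/tmp/a\$(date)",
    "/tmp/a b",
    "/tmp/a\n",
);

for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-24s denylist=%-8s allowlist=%s\n", $shown,
        defined(untaint_denylist($s))  ? "accept" : "reject",
        defined(untaint_allowlist($s)) ? "accept" : "reject";
}
```

Whichever pattern is used, calling `system` or `exec` with the command and its arguments as separate list elements keeps the shell from being spawned at all.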