laziness, impatience, and hubris | |
PerlMonks |
Re: Dangerous Characters for system callsby graff (Chancellor) |
on Oct 15, 2013 at 23:53 UTC ( [id://1058372]=note: print w/replies, xml ) | Need Help?? |
Following up on the 2nd reply (++ on that one), I think it's hard to imagine a situation where the content from an email form "has to be passed through various Linux system calls." Maybe you think it has to, but I suspect you're wrong.
Whatever Linux processes you're talking about, there are bound to be ways to do what you intend to do without exposing untrusted text to a shell command line. As for what the "risky" characters are, it's likely that all ASCII characters that match [^^/%@+\w-] are able to invoke "non-literal meanings" in a bash command line. Some (like ~ or #) might only do this if they occur in certain positions. As for any non-ASCII characters that might happen to show up from a web form, well, who knows... I'd rather not have to experiment with that.
In Section
Seekers of Perl Wisdom
|
|