in reply to How to get into $ENV{'QUERY_STRING'}?

Hi,

You need to parse your string for SSI commands:
$var =~ s/ < ! - - ( . | \ n ) * - - >//g;
Don't include all the spaces in between < ! and so on until - >.

RE: SECURITY RISK
by merlyn (Sage) on May 10, 2000 at 03:34 UTC
    There's no security risk here in most systems, because the output of CGI is not generally parsed for SSI. Methinks you have a hair-trigger on that. :)

    Even having said that,

    $var =~ s/ < ! - - ( . | \ n ) * - - >//g;
    is poor performing code. You want something like this instead:
    $var =~ s/<!--.*?-->//gis;
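
The following Perl example is added here and is not from either poster. It strips SSI directives with the non-greedy pattern, using /s so that directives spanning several lines are matched and repeating until no match remains, and it shows entity-escaping as an alternative to stripping. The function names and sample strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Remove SSI / HTML comment blocks from untrusted input.
sub strip_ssi {
    my ($text) = @_;
    # /s lets "." match newlines, so multi-line directives are covered
    # without the slow (.|\n)* alternation. Repeat until stable, because
    # removing one match can join the text on either side into a new one.
    1 while $text =~ s/<!--.*?-->//gs;
    # An opener with no closing "-->" is not matched above; drop the rest.
    $text =~ s/<!--.*//s;
    return $text;
}

# Alternative to stripping: encode markup characters so no directive
# syntax reaches the page at all.
sub escape_html {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $text =~ s/([&<>"])/$ent{$1}/g;
    return $text;
}

# Make newlines visible when printing results.
sub show {
    my ($text) = @_;
    $text =~ s/\n/\\n/g;
    return $text;
}

# Constructed sample inputs (not taken from the thread).
my @samples = (
    qq{name=<!--#echo var="DATE_LOCAL" -->bob},       # single line
    qq{a<!--#echo\nvar="DATE_LOCAL" -->b},            # spans a newline
    qq{c<!-<!--x-->-#echo var="DATE_LOCAL" -->d},     # re-forms after one pass
    qq{e<!--#echo var="DATE_LOCAL"},                  # never closed
);

for my $in (@samples) {
    print "input:   ", show($in), "\n";
    print "  strip:  ", show(strip_ssi($in)), "\n";
    print "  escape: ", show(escape_html($in)), "\n";
}
```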