in reply to Stopping bad input (harder than sanitizing)

#!/usr/bin/perl
use strict;
use warnings;
use Tk;

$| = 1;

my $search_pattern = '';

my $mw = MainWindow->new;
$mw->geometry( '+700+300' );

my $search = $mw->Entry (-width => 20, -textvariable => \$search_pattern)->pack;
$search->bind('<KeyPress-Return>', \&search);
$search->focus;

$mw->Button(-text => 'Clear', -command => sub {$search_pattern = ''})->pack;
$mw->Button(-text => 'Exit', -command => sub {$mw->destroy})->pack;

MainLoop;

sub search {
    my ($string );
    print "Pattern entered into Search-box is: $search_pattern\n ";
    use Data::Dump 'dd';
    dd 'got', [ $search_pattern ];

    ## CHECK $search_pattern and untaint:
    if( $search_pattern =~ /^([\w\s\-\:\_\d]+)$/ ) {
        ## make sure it only contains \w, '-' , ':' , '_' , and digits
        $string = $1; ## DON'T forget 's -- space between prog and $arg
        print "\$string is untainted; \$string = $string \n ";
    }
    else {
        print "OOPS! data is tainted or empty. TRY AGAIN...\n ";
    }
}

Re^2: Stopping bad input (harder than sanitizing)
by Anonymous Monk on Mar 10, 2021 at 20:29 UTC

    I just noticed the code you posted. I tried it - it works the way I want. I am gonna play with it, and see if it can be added to my program. Thanks.

Re^2: Stopping bad input (harder than sanitizing)
by Anonymous Monk on Mar 10, 2021 at 22:06 UTC

    I got your code incorporated. Your code is quite simple. I am working on something that's quite large (1000 lines). Should $| be at the beginning of the program? If I enter '[' in the Tk::Entry widget I get a "stack moved" error. If I promptly hit <RET> it still freezes. I pass data to $search_pattern via <code> $search_pattern = $entry -> get(); </code> Ideas?