in reply to Re: Re: relaying arguments using system call
in thread relaying arguments using system call

Hi tachyon, thanks once again.

I wonder if you have time if you could help me unravel what you're doing!
If I'm correct you are saying $var minus $ILLEGAL_CHARS equals acceptable $var. However I don't understand the expression   $var = ";rm -rf /*;";   also   qr/[^A-Za-z0-9._-]/;   Am I right in thinking that   qr//;  allows you to assign the regex to the variable, rather than have it act upon the variable?

Also it looks as though the $ILLEGAL_CHARS are the ones that I would wish to keep (as per the sense of your explanation) but they are being removed from the variable.

I'm sorry if this all seems to be silly or uninformed - I am doing my best to make sense of it and I hope that by not flinching in asking silly questions now I might learn enough to start asking sensible questions in the first place!!

Re: Re: Re: Re: relaying arguments using system call
by benn (Vicar) on Mar 21, 2003 at 14:34 UTC
    The expression $var = ";rm -rf /*;"; is an example of dangerous input - if this was passed to 'system', the ';' would mark the end of the previous command, and then system would execute the 'rm' command.

    The qr/[^A-Za-z0-9._-]/; expression creates a compiled regex - a variable with regex expressions in it that is 'ready to be used' in another regex.
    Note that the character class [^...] starts with a 'hat'. This reverses the class so that it refers to all characters except the ones in the class. So actually the expression says "$var minus anything that ISN'T that lot".
    This is often confusing I know, as the 'hat' is also used as a start-string anchor, but you get used to it :).

      Nicely explained.

      cheers

      tachyon

      s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
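
The negated character class discussed in this thread, as an added example that is not code from any of the posters: it strips the illegal characters from the sample string, shows a reject-instead-of-rewrite check, and passes the result to the list form of system. The names strip_illegal and is_acceptable, the extra sample inputs, and the use of echo as a stand-in command are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# qr// compiles the pattern and stores it; it does not act on any string yet.
# The leading ^ inside [...] negates the class, so this matches any single
# character that is NOT a letter, digit, dot, underscore or hyphen.
my $ILLEGAL_CHARS = qr/[^A-Za-z0-9._-]/;

# Remove every illegal character and return what is left
# ("$var minus anything that isn't in the allowed set").
sub strip_illegal {
    my ($var) = @_;
    (my $clean = $var) =~ s/$ILLEGAL_CHARS//g;
    return $clean;
}

# Stricter alternative: refuse the input rather than silently rewriting it.
sub is_acceptable {
    my ($var) = @_;
    return length($var) && $var !~ $ILLEGAL_CHARS ? 1 : 0;
}

# Constructed sample inputs; the first is the dangerous string from the thread.
for my $var (";rm -rf /*;", "report-2003.txt", "a b|c") {
    printf "input '%s' -> stripped '%s', acceptable: %s\n",
        $var, strip_illegal($var), is_acceptable($var) ? "yes" : "no";
}

# List-form system: each element is handed to the program as one argument
# and no shell is started, so ';' and '*' would not be interpreted even if
# they survived. The allowed set still permits a leading '-', which the
# called program may read as an option, so check for that where it matters.
my $arg = strip_illegal(";rm -rf /*;");
system('echo', 'argument:', $arg) == 0
    or warn "echo failed: $?\n";
```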