in reply to Security?

Urg, sorry. The actual code follows:

sub makeSafe {
    my $value = $_[0];
    # Blacklist approach: strip a fixed set of shell metacharacters.
    # (The guard is redundant; s///g is already a no-op when nothing matches.)
    if ($value =~ m/[;><\*`\|]/) {
        $value =~ s/[;><\*`\|]//g;
    }
    return $value;
}
Again, sorry :-/

antirice
The first rule of Perl club is - use Perl
The ith rule of Perl club is - follow rule i - 1 for i > 1

Re: Re: Security?
by Improv (Pilgrim) on Apr 24, 2003 at 03:36 UTC
    Well, the intent behind the code is kinda questionable, but let's improve it so you have something to show him.
    sub makesafe {
        # Each element of @_ is an alias to the caller's argument, so the
        # deletion happens in place and nothing needs to be returned.
        foreach (@_) { tr/;><\*`\|//d; }
    }
    Now you can pass it any number of arguments you want and it's easier to read.
      what about 8-bit set chars? are they safe? possible sql code? quotes? cgi meta chars like '%', '&', '=' and '?'? It's hard to exhaust this list of possibilities.

      Instead of filtering out what may be bad, we filter in what is okay.
      tr/a-zA-Z0-9.,_-//cd;
      # If, for example, alphanumerics and
      # '.', ',', '_', and '-' are legal inputs.
      # Anything else is zapped.
      # This is done by complementing the list:
      # /c tells the engine to translate anything
      # *not* in the list.


      -nuffin
      zz zZ Z Z #!perl
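The three sanitizers from this thread run side by side, as an added example that is not part of any post above: antirice's blacklist, Improv's in-place tr///d, and nuffin's whitelist, applied to a handful of constructed inputs so the characters the blacklist lets through (quotes, CGI meta chars, 8-bit bytes) are visible next to what the whitelist does with them. The sub names, the sample strings and the quote() helper are mine, not from the thread.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: blacklist vs. whitelist vs. in-place
# tr///d, run on constructed sample strings.
use strict;
use warnings;

# antirice's approach: strip a fixed set of shell metacharacters, return a copy.
sub make_safe_blacklist {
    my ($value) = @_;
    $value =~ s/[;><*`|]//g;
    return $value;
}

# Improv's approach: tr///d on each element of @_. Those elements alias the
# caller's variables, so the change happens in place and nothing is returned.
sub make_safe_inplace {
    foreach (@_) { tr/;><*`|//d; }
}

# nuffin's approach: /c complements the list and /d deletes, so every byte
# that is not alphanumeric or one of . , _ - is removed.
sub make_safe_whitelist {
    my ($value) = @_;
    $value =~ tr/a-zA-Z0-9.,_-//cd;
    return $value;
}

# Constructed inputs (hypothetical): each carries a character class that the
# replies above point out the blacklist does not cover.
my @samples = (
    "alice_01",     # plain identifier, passes both unchanged
    "O'Reilly",     # a quote
    "a=b&c=d?x",    # CGI meta chars
    "100%",         # percent
    "caf\xe9",      # an 8-bit byte
    "a;b*c|d",      # the characters the blacklist does know about
);

for my $in (@samples) {
    my $bl = make_safe_blacklist($in);
    my $wl = make_safe_whitelist($in);
    printf "%-14s blacklist=%-14s whitelist=%-12s%s\n",
        quote($in), quote($bl), quote($wl),
        $bl eq $in ? " (blacklist left it unchanged)" : "";
}

# Aliasing: the caller's own variables are modified.
my ($x, $y) = ("a;b", "c|d");
make_safe_inplace($x, $y);
print "after in-place: x=$x y=$y\n";

# Caveat of the in-place version: a literal argument is read-only, and tr///d
# on an alias to it dies with "Modification of a read-only value attempted".
eval { make_safe_inplace("lit;eral"); 1 }
    or print "in-place on a literal: $@";

# Show non-printable bytes as \xNN so the 8-bit case is readable in a terminal.
sub quote {
    my $s = shift;
    $s =~ s/[^\x20-\x7e]/sprintf("\\x%02x", ord $&)/ge;
    return qq("$s");
}
```

Running it shows the point of nuffin's reply: the blacklist passes `O'Reilly`, `a=b&c=d?x`, `100%` and `caf\xe9` through untouched, while the whitelist reduces them to `OReilly`, `abcdx`, `100` and `caf`. The last two statements show why Improv's version has no return value, and that it cannot be called with a literal string.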