in reply to Re: Security?
in thread Security?

Well, the intent behind the code is kinda questionable, but let's improve it so you have something to show him.
sub makesafe { foreach (@_) { tr/;><\*`\|//d; } }  # deletes ; > < * ` | from each argument, modifying it in place
Now you can pass it any number of arguments you want and it's easier to read.

Re: Re: Re: Security?
by nothingmuch (Priest) on Apr 24, 2003 at 11:27 UTC
    What about 8-bit set chars? Are they safe? Possible SQL code? Quotes? CGI meta chars like '%', '&', '=' and '?'? It's hard to exhaust this list of possibilities.

    Instead of filtering out what may be bad, we filter in what is okay.
    tr/a-zA-Z0-9.,_-//cd;
    # If, for example, alphanumerics and
    # '.', ',', '_', and '-' are legal inputs,
    # anything else is zapped.
    # This is done by complementing the list:
    # /c tells the engine to translate anything
    # *not* in the list, and /d deletes it.


    -nuffin
    zz zZ Z Z #!perl
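To make the deny-list versus allow-list point above concrete, here is an added example (not code from either post): both filters run over a few constructed inputs, so you can see what the fixed deny-list leaves untouched and what the allow-list keeps.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Deny-list version from the parent post: strips a fixed set of
# shell metacharacters and leaves everything else alone.
sub deny_list {
    my ($s) = @_;
    $s =~ tr/;><*`|//d;
    return $s;
}

# Allow-list version: keep only [a-zA-Z0-9.,_-], delete the rest
# (/c complements the search list, /d deletes what is not in it).
sub allow_list {
    my ($s) = @_;
    $s =~ tr/a-zA-Z0-9.,_-//cd;
    return $s;
}

# Render non-printable and 8-bit bytes as \xNN so the table stays readable.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02X', ord $1)/ge;
    return $s;
}

# Constructed sample inputs; each carries something the deny-list
# never mentions (a quote, CGI meta chars, a newline, an 8-bit byte).
my @samples = (
    "report.txt",
    "name' OR 1=1",
    "a&b=c%00",
    "file\n-rf",
    "caf\xe9",
);

printf "%-16s %-16s %s\n", 'input', 'deny-list', 'allow-list';
for my $in (@samples) {
    printf "%-16s %-16s %s\n",
        show($in), show(deny_list($in)), show(allow_list($in));
}
```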