RE: Re: File Naming

sub secure_query
{
    $_ = shift;
    s/\-+(.*)/$1/g;
    s/(.*)[ \t]+\-(.*)/$1$2/g;
    tr/\$\'\`\"\<\>\/\;\!\|/_/;
    return($_);
}#End secure_query
[download]

Comment on RE: Re: File Naming Download Code

Replies are listed 'Best First'.
RE: RE: Re: File Naming by Fastolfe (Vicar) on Aug 01, 2000 at 22:49 UTC
This is probably a little simpler and a lot safer: `$had_bad_characters = $user =~ s/\W//g; # Safer still (since what's defined as a 'word character' could change + based on locale/Unicode (?)) $user =~ s/[^a-zA-Z_-]//g; # Explicitely define what we want to ACCE +PT as valid` [download] Generally the secure approach involves defining what is acceptable and disallowing everything else, not trying to filter out what we know/anticipate to be bad, because stuff frequently slips through.	[reply] [d/l]

Replies are listed 'Best First'.

RE: RE: Re: File Naming
by Fastolfe (Vicar) on Aug 01, 2000 at 22:49 UTC

$had_bad_characters = $user =~ s/\W//g;

# Safer still (since what's defined as a 'word character' could change
+ based on locale/Unicode (?))
$user =~ s/[^a-zA-Z_-]//g;   # Explicitely define what we want to ACCE
+PT as valid
[download]

[reply]
[d/l]