in reply to Re: taint check that I thought worked
in thread taint check that I thought worked

\Z (upper-case) matches either at the end of the string or just before a newline at the end of the string (just like $ normally does; but $'s behaviour changes with the /m flag, \Z always stays the same).

\z (lower-case) matches only at the end of the string, and is probably what he (assuming for the moment that "punk" implies "male") wants.

Re: Re: Re: taint check that I thought worked
by ambrus (Abbot) on Feb 03, 2004 at 10:58 UTC

    In this case, I believe that \z and \Z would be equivalent, as \W chars (including \n's) are stripped just before the matching. Am I right?

      Yes; I had missed that part. So the function boils down to:
      print "failure" and return 1 if contains _ or more than 16 alphanumerics otherwise return alphanumerics.
      I suspect the _ and return 1 parts are unintentional, and the function would be better as:
      sub untaint_username {
          my $tainted = shift;
          # remove non-alphanumerics
          $tainted =~ y/a-zA-Z0-9//cd;    # or s/[\W_]//g
          # must be 1-16 characters
          return "$1" if $tainted =~ /\A(.{1,16})\z/;
          print "failure\n";
          return;
      }
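
An added Perl example, not code from any poster in the thread, that runs the anchors discussed above against constructed usernames, first raw and then after the same y/a-zA-Z0-9//cd strip. The sample strings and the helper names accepted_by and visible are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs (not taken from the thread).
my @samples = ("alice", "alice\n", "alice\n\n", "alice\nbob");

# The same 1-16 word-character check with each end anchor.
my @anchors = (
    [ '$',    qr/\A\w{1,16}$/   ],
    [ '$ /m', qr/\A\w{1,16}$/m  ],
    [ '\Z',   qr/\A\w{1,16}\Z/  ],
    [ '\z',   qr/\A\w{1,16}\z/  ],
);

# Return the labels of the anchors whose pattern accepts the string.
sub accepted_by {
    my ($input) = @_;
    return map { $_->[0] } grep { $input =~ $_->[1] } @anchors;
}

# Render newlines visibly for the report.
sub visible {
    my ($s) = @_;
    $s =~ s/\n/\\n/g;
    return $s;
}

for my $input (@samples) {
    printf "%-14s raw:      %s\n", '"' . visible($input) . '"',
        join(', ', accepted_by($input)) || 'none';

    # Strip first, as the function in the thread does: no newline is left,
    # so \Z and \z can no longer disagree.
    (my $stripped = $input) =~ y/a-zA-Z0-9//cd;
    printf "%-14s stripped: %s\n", '"' . visible($stripped) . '"',
        join(', ', accepted_by($stripped)) || 'none';
}
```

On the raw inputs only \z refuses a value that ends in a newline; once the input has been stripped, every anchor gives the same answer, and "alice\nbob" collapses to "alicebob" and is accepted.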