If you've got it to work by now, may I point out a couple of possible problems (if you deliberately glided over these issues in the interests of simplicity, I apologise in advance :).

(NB: I assume, for the sake of argument, that you are prompting a user to enter (a full filepath to) a directory, and then letting them do something with this directory unless it is on the 'banned' list.)

1. Windoze filenames are case-INsensitive. So as well as banning 'd:/perl' you need to ban 'D:/Perl', etc. This is of course easy to solve.

2. You generally need to check for the user entering 'd:/perl/' and 'd:/perl\' (or 'd:perl\\' etc) as well as 'd:/perl'. This is easy to solve too.

3. If there is any chance of you needing to ban the current directory (where the code is being executed) and/or its parent, you should check for the user entering '.' or '..' (best, probably, to put them in your 'banned' list).

4. Concerning the following lines of your code:

$folder =~ /^($bannedF[$_]).*/;
return BANNED if ($1);

I'm not sure what it does. If it is simplified to:

return BANNED if $folder =~ /^($bannedF[$_]).*/;

the problem becomes more apparent, namely that if you ban for example 'c:/win', you are also banning folders such as 'c:/wings', 'c:/winter_weather' etc. One way to solve this would be to ban anything that starts with 'c:/win/' (having stripped out spurious trailing slashes as under point 2 above).

There are no doubt other 'security' problems than those listed above, and more checking of user input is certainly required. However, this is how I'd do it if security weren't a vital issue:

use strict;
use warnings;

# Global variables:
use vars qw ( @BANNED $INC_SUBDIRS );

@BANNED = qw ( . .. c:/perl/progs c:/winnt/system32 d: );

$INC_SUBDIRS = 1; # change to 0 or '' to turn off

print "Enter a full pathname: ";
chomp ( my $dir = <> );

# Remove trailing slashes:
$dir =~ s{[/\\]+$}{};

print "Verboten!" and exit if is_banned( $dir );

# Just for testing:
opendir DIR, $dir or die "can't opendir $dir: $!";
print "$_\n" for readdir DIR;
closedir DIR;

sub is_banned {
    my $folder = lc shift; # lc for lower case
    for ( @BANNED ) {
        return 1 if $folder eq $_;
        if ( $INC_SUBDIRS ) {
            # \Q...\E: match the banned name literally; unquoted, '..' is a
            # regex meaning "any two characters" and would match 'c:/...'
            return 1 if $folder =~ /^\Q$_\E\//;
        }
    }
    return 0; # not banned
}

hth

dave


In reply to Re: Reg Ex : an odd error... by Not_a_Number
in thread Reg Ex : an odd error... by Foggy Bottoms
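
An added example, not code from the thread: it goes a little beyond the post by folding points 1 to 4 into a single normalise-then-compare step, so that backslashes, mixed case, doubled slashes and '..' segments inside a path cannot slip past the banned list. The helper names, the `$cwd` parameter and the sample paths are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. normalise() and is_banned() are
# hypothetical helpers; every path below is constructed sample data.
use strict;
use warnings;

# Banned list from the post, stored in the same canonical form as the input.
my @BANNED = map { normalise($_) } qw( c:/perl/progs c:/winnt/system32 d:/ );

# Lexically canonicalise a Windows-style path: one separator, one case,
# no empty, '.' or '..' components. Returns undef if it cannot be parsed.
sub normalise {
    my ( $path, $cwd ) = @_;
    # Point 3: relative input ('.', '..', 'sub\dir') is anchored at $cwd.
    $path = "$cwd/$path" if defined $cwd && $path !~ /^[a-z]:/i;
    $path =~ tr{\\}{/};                        # point 2: '\' equals '/'
    # Require "X:/..."; drive-relative forms such as 'd:perl' are refused.
    my ( $drive, $rest ) = $path =~ m{^([a-z]:)/(.*)}is or return;
    my @parts;
    for my $c ( split m{/+}, $rest ) {         # '/+' swallows doubled slashes
        next if $c eq '' || $c eq '.';
        if ( $c eq '..' ) { pop @parts; next } # never climbs above the root
        push @parts, $c;
    }
    return lc join '/', $drive, @parts;        # point 1: case-insensitive
}

sub is_banned {
    my ( $input, $cwd ) = @_;
    my $dir = normalise( $input, $cwd );
    return 1 unless defined $dir;              # unparseable input: fail closed
    for my $ban (@BANNED) {
        # Point 4: the appended '/' makes this a whole-component prefix test,
        # so 'c:/winnt/system32' does not also ban 'c:/winnt/system32x'.
        return 1 if index( "$dir/", "$ban/" ) == 0;
    }
    return 0;
}

my $cwd = 'C:\\Perl\\Progs\\tools';            # constructed working directory
for my $try ( 'C:\\WinNT\\System32\\', 'c:/winnt/system32x', 'c:/temp',
              'c:/temp/../WINNT//system32/drivers', '..', 'd:perl' ) {
    printf "%-36s %s\n", $try, is_banned( $try, $cwd ) ? 'banned' : 'ok';
}
```

Lexical normalisation does not see junctions, symlinks or 8.3 short names, so where the directory exists, resolving it through the operating system before comparing is the stronger check.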
