Update: This was intended as an answer to re ^2; specifically, how to untaint. Apologies for any confusion caused by my confusion. :-)
Anonymonk gave you the bullet version; sierpinski provided the details. Very simply, write a regular expression to reject anything which is NOT acceptable -- for your purposes, acceptable input might well be constrained to
/^[A-Za-z0-9]+\.jpg$/i
...that is, a name beginning with an upper or lowercase alpha character or a digit, followed by any number of alphas or digits, followed by a period and "jpg". The "^" and "$"mark the beginning and end of your $search string, thus preventing someone from sending you a file called
foo.jpg.delete_everything.exe.
Alternately, your could reject everything except the char set just discussed by using
/^[^A-Za-z0-9]+\.jpg$/i
...which is the inverse set-- anything that is NOT an upper or lowercase alpha or digit matches, in which case you would want to reject anything that DOES match this one. (if you wish to accept "*.jpeg" you'll need to extend these regexen.)
BTW, the shebang is better written as
#!/usr/bin/perl -wT
I suspect your version will fail. And, for your own sanity and safety:
- use strict; use warnings;
- ALWAYS untaint any user input that's coming from anyone other than you, yourself
- Read (re-read?) Ovid's CGI course (Super Search will find a recent link for you if it's not currently listed in Tutorials) and perlretut
- Use chomp rather than chop when you're trying to remove the newline from input
- and, re line 13 in your re ^3, below, the single quotes around $search mean your're telling the regex to match the string comprised of a dollar-sign followed by the letters s,e,a,r,c,h. Read about interpolation: oversimplified, a variable which is in inside single quotes is treated as a literal; a var inside double quotes -- or, in this case, NOT INSIDE QUOTES AT ALL -- is interpolated (meaning, its content is used). See walkingthecow's regex -- but don't use that code without adding -wT, at which time you will have to include a routine (regex) to untaint the untrusted user input.
And, as to your question in re ^3, consider: Where do you expect the value of $_ to come from? Again, see walkingthecow's answer, below.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.