in reply to Re^2: Insecure dependency error and $ENV{'PATH'}
in thread Insecure dependency error and $ENV{'PATH'}

$branch =~ /^([\w-]+)$/i; $branch = $1;
This is not safe, particularly since you are doing this in the name of untainting.

Never never never use $1 unless you've also checked that the match has succeeded.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
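
An added illustration of the hazard merlyn describes (example code, not from the thread or either poster): a failed match does not reset $1, so the two-statement form silently assigns whatever the last successful capture in dynamic scope was, while the checked form fails closed. The sub names and sample strings are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The quoted pattern from the post. $1 is only set by a *successful* match;
# if this match fails, $1 still holds the previous successful capture that is
# visible in dynamic scope, and that stale value is what $branch becomes.
sub untaint_unsafe {
    my ($branch) = @_;
    $branch =~ /^([\w-]+)$/i;
    $branch = $1;
    return $branch;
}

# The idiom merlyn recommends: only touch $1 inside the branch that proves the
# match succeeded, and return an explicit failure (undef) otherwise so the
# caller has to deal with bad input instead of getting an unrelated value.
sub untaint_branch {
    my ($branch) = @_;
    if ($branch =~ /^([\w-]+)$/i) {
        return $1;
    }
    return;    # no value: the input was rejected
}

# Constructed demonstration of the stale-$1 problem. An earlier, unrelated
# successful match leaves $1 set to "release-1"; capture variables are
# dynamically scoped, so subs called from this block still see it.
"release-1" =~ /^([\w-]+)$/;

my $untrusted = "not a branch/name";          # contains characters the pattern forbids
my $unsafe    = untaint_unsafe($untrusted);   # "release-1": stale $1, accepted by mistake
my $checked   = untaint_branch($untrusted);   # undef: correctly rejected

printf "unsafe form : %s\n", defined $unsafe  ? $unsafe  : 'undef';
printf "checked form: %s\n", defined $checked ? $checked : 'undef';
```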

Re^4: Insecure dependency error and $ENV{'PATH'}
by bradcathey (Prior) on Aug 05, 2004 at 19:03 UTC
    Thanks for the gentle reprimand merlyn. I did state that I controlled $branch, but I do now see how it could get hacked anyway. Your point is well-taken.

    —Brad
    "Don't ever take a fence down until you know the reason it was put up." G. K. Chesterton