in reply to Re: request for review: file reading security
in thread request for review: file reading security

that's why there is $req =~ s/^.*\///; which should take care of that.

Replies are listed 'Best First'.
Re^3: request for review: file reading security
by pbeckingham (Parson) on Sep 05, 2004 at 14:58 UTC

    I believe your code should look for literal periods: 

      $req =~ s/^\.\.\///;

    [download]
    But that's still poor, because what about: 
       blah/../../topsecretpages/page.html

    [download]
    or 
       ../../topsecretpages/page.html

    [download]
     Update: Chady is right. I retract.



    pbeckingham - typist, perishable vertebrate.
[reply]
[d/l]
[select]

      His regular expression does the job well. It strips everything until the last / 

      $req = 'blah/../../topsecretpages/page.html';
$req =~ s/^.*\///;
print $req;
__END__
page.html

      [download]
      He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.
      Chady | http://chady.net/
      Are you a Linux user in Lebanon? join the Lebanese Linux User Group.
[reply]
[d/l]

In Section Seekers of Perl Wisdom