in reply to Re: Remove or Identify Shell Commands In A Form
in thread Remove or Identify Shell Commands In A Form

Thank you Zaxo, for the reply.

However, my main concern is not to actually execute the commands, but to do so inadvertently. For instance, if a field in the form collects an email address that is in turn used as a "reply to" and the form results are emailed to another, I do not want to open a window for the unkind people who may try to insert shell commands there to hack the site. The scope of the posted method is simply to gather the data from the form, do a limited validation of the data, and send it back to the calling script in the form of a hash_ref. The use of the form data is done within the calling script.

Re^3: Remove or Identify Shell Commands In A Form
by kappa (Chaplain) on Nov 26, 2004 at 18:58 UTC

    If you follow Zaxo's advice you will achieve exactly that -- you'll save yourself from inadvertently running shell commands from malicious users. Just do not pass user input to shell.

    Or maybe we both cannot understand your question.

    --kap
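
The "do not pass user input to the shell" advice applied to the reply-to case from the question, as an added example that is not code from this thread. The helper names, the `email` and `comments` field names, the recipient address and the `SENDMAIL` environment variable (path to a sendmail-compatible binary) are assumptions.

```perl
use strict;
use warnings;

# Hypothetical helper: accept only a conservative address shape and refuse
# CR/LF, so the value cannot introduce extra mail headers either.
sub clean_reply_to {
    my ($raw) = @_;
    return if !defined $raw || $raw =~ /[\r\n]/;
    return $raw =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\z/
        ? $1 : undef;
}

# $form is the hash_ref handed back by the form-gathering method.
sub send_form_mail {
    my ($form, $sendmail) = @_;
    my $reply_to = clean_reply_to($form->{email})
        or die "rejected reply-to value\n";

    # List-form pipe open: perl runs the program directly with exactly these
    # arguments, so no shell ever parses anything. With -t the addresses are
    # read from the message headers, not from a command line.
    open(my $mail, '|-', $sendmail, '-t', '-oi')
        or die "cannot run $sendmail: $!\n";
    print {$mail} "To: webmaster\@example.com\n",
                  "Reply-To: $reply_to\n",
                  "Subject: Form results\n\n",
                  $form->{comments} // '', "\n";
    close($mail) or die "sendmail failed: exit status $?\n";
    return $reply_to;
}

# Constructed sample values, not taken from the thread.
my @samples = (
    'alice@example.com',
    'alice@example.com; ls',
    "alice\@example.com\nX-Extra: 1",
);
for my $value (@samples) {
    (my $shown = $value) =~ s/\n/\\n/g;
    printf "%-36s %s\n", $shown,
        defined clean_reply_to($value) ? 'accepted' : 'rejected';
}

# Mail is only sent when a sendmail path is supplied explicitly.
send_form_mail({ email => 'alice@example.com', comments => 'hello' },
               $ENV{SENDMAIL}) if $ENV{SENDMAIL};
```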