Re: Re: Untainting 'bad' filenames

Yikes, newlines! Thanks. I forgot about the //s.

BTW, I make sure the $1 is localized by wrapping the regex in its own block. That's something I learned a couple months ago.

Comment on Re: Re: Untainting 'bad' filenames

Replies are listed 'Best First'.
Re: Re: Re: Untainting 'bad' filenames by chipmunk (Parson) on Dec 08, 2000 at 20:13 UTC
That ensures that the value of $1 from a successful match does not leak outside the block, but it doesn't protect you from $1 from an earlier successful match leaking into the block: `#!/usr/local/bin/perl -w use strict; $_ = 'perlmonks.org'; for my $re (qw/monks minks/) { /(perl)/; print "$1\n"; { # new block for regex /($re)/; print "$1\n"; } } __END__ perl monks perl perl` [download] It's generally necessary to check whether a regex succeeded before using any of the regex special variables.	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: Re: Untainting 'bad' filenames
by chipmunk (Parson) on Dec 08, 2000 at 20:13 UTC

#!/usr/local/bin/perl -w

use strict;

$_ = 'perlmonks.org';

for my $re (qw/monks minks/) {
  /(perl)/;

  print "$1\n";

  {
    # new block for regex
    /($re)/;
    print "$1\n";
  }
}
__END__
perl
monks
perl
perl
[download]

[reply]
[d/l]