Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

hi,

i'm trying to taint some form input field values. the regex and form checking seems to work but it totally makes the scalar blank after untainting. can anyone figure out what i'm doing wrong? i think it could be due to my regex??

our $lastname = $INPUT->param('lastname');
if ($lastname =~ /^[\s\w.'-]+$/ && length($lastname) < 28) {
    $lastname = $1;    # $data now untainted
} else {
    our $error_msg_xxx = '<li>Please Check the Last Name field';
    push my @form_values, "lastname";
    $error_yes++;
}

when i type in a valid last name that passes the regex, the scalar is blank.

thanks

Re: taint problem
by tlm (Prior) on May 31, 2005 at 05:38 UTC

    That's because $1 is not defined, since your regexp is not capturing anything; you need parentheses for that. Try this:

    if ($lastname =~ /^([\s\w.'-]+)$/ && length($lastname) < 28) {
        $lastname = $1;    # $data now untainted

    the lowliest monk

Re: taint problem
by Zaxo (Archbishop) on May 31, 2005 at 05:37 UTC

    You need parentheses in the regex to capture the name to $1.

    After Compline,
    Zaxo

Re: taint problem
by monarch (Priest) on May 31, 2005 at 05:38 UTC
    Would you like to put parentheses around the text that you match that you'd like to keep? $1 will contain the value contained in the first set of parentheses in the match. $2 will contain the value contained in the second set of parentheses in the match. And so on. e.g.
    if ( $lastname =~ m/^([\s\w.'-]+)$/ ...

    It follows that if there are no parentheses then $1 will be empty.
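The point made in all three replies, shown side by side in a stand-alone script. This is an added example, not code from the original post or from any of the repliers; the tainted input is constructed locally (a literal concatenated with an empty slice of the tainted $ENV{PATH}, a common way to taint a test value) so that it stands in for the $INPUT->param('lastname') call, and the helper names untaint_lastname_broken and untaint_lastname are assumptions made here.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input: appending a zero-length slice of the tainted
# %ENV value taints the literal without changing it, which mimics what a
# CGI parameter looks like under -T.
my $raw = "O'Brien-Smith" . substr($ENV{PATH} // '', 0, 0);

# The pattern from the question, minus capturing parentheses. The match
# succeeds, but $1 is never set, so the caller gets undef (the "blank"
# value the question reports).
sub untaint_lastname_broken {
    my ($name) = @_;
    if ($name =~ /^[\s\w.'-]+$/ && length($name) < 28) {
        return $1;
    }
    return undef;
}

# The corrected pattern: the parentheses capture the validated text into
# $1, and assigning from $1 is what clears the taint flag.
sub untaint_lastname {
    my ($name) = @_;
    if ($name =~ /^([\s\w.'-]+)$/ && length($name) < 28) {
        return $1;
    }
    return undef;
}

printf "input value='%s' tainted=%d\n", $raw, tainted($raw) ? 1 : 0;

for my $case (['without parentheses', \&untaint_lastname_broken],
              ['with parentheses',    \&untaint_lastname]) {
    my ($label, $code) = @$case;
    my $result = $code->($raw);
    printf "%-21s value=%s tainted=%d\n", $label,
        defined $result ? "'$result'" : 'undef',
        defined $result && tainted($result) ? 1 : 0;
}

# A value that fails the pattern is rejected by both versions, so the
# hardening in the fix is purely about what reaches $1, not what is accepted.
my $bad = 'Smith<script>' . substr($ENV{PATH} // '', 0, 0);
printf "rejected input -> %s\n",
    defined untaint_lastname($bad) ? 'accepted' : 'undef';
```

Run it as `perl -T untaint.pl` (taint mode has to be switched on from the command line, otherwise Perl dies with "Too late for -T"). The first line reports the input as tainted, the "without parentheses" line reports undef, and the "with parentheses" line reports the same name with the taint flag cleared. The length check is kept exactly as the question wrote it; it is evaluated on the original scalar, so it does not need to move inside the capture.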