taint problem 2

Hi

using the code i found in programming perl

$keycode =~/([\w-. ]+)/;#untaint a tainted user input
my $code = $1;

my error logs show

False [] range "\w-" before HERE mark in regex m/^([\w- << HERE !_]+).*/

for the line $keycode =~/([\w-. ]+)/

Only google ref i found was for ipchains but not using in this app,

Mark
Obantec Support [ Do, 10 Februar 2005 11:46 ] [ ID #636024 ]

Re: taint problem 2

Obantec Support wrote:
> using the code i found in programming perl
>
> $keycode =~/([\w-. ]+)/;#untaint a tainted user input
> my $code = $1;

Where in "Programming Perl" did you find that code?

> my error logs show
>
> False [] range "\w-" before HERE mark in regex m/^([\w- << HERE !_]+).*/
>
> for the line $keycode =~/([\w-. ]+)/

Let the dash be the first (or last) char within brackets:

[-\w. ]

(or else Perl thinks it's a range).

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
Gunnar Hjalmarsson [ Do, 10 Februar 2005 12:28 ] [ ID #636647 ]

Re: taint problem 2

"Gunnar Hjalmarsson" <noreply [at] gunnar.cc> wrote in message
news:370vnuF58k0jtU1 [at] individual.net...
> Obantec Support wrote:
> > using the code i found in programming perl
> >
> > $keycode =~/([\w-. ]+)/;#untaint a tainted user input
> > my $code = $1;
>
> Where in "Programming Perl" did you find that code?
>
> > my error logs show
> >
> > False [] range "\w-" before HERE mark in regex m/^([\w- << HERE !_]+).*/
> >
> > for the line $keycode =~/([\w-. ]+)/
>
> Let the dash be the first (or last) char within brackets:
>
> [-\w. ]
>
> (or else Perl thinks it's a range).
>
> --
> Gunnar Hjalmarsson
> Email: http://www.gunnar.cc/cgi-bin/contact.pl

My mistake i did find a similar code on page 562 but for some reason went
with some code i must have googled.

http://gunther.web66.com/FAQS/taintmode.html your site? has similar code.

Fixed using page 562 code.

Mark
Obantec Support [ Do, 10 Februar 2005 13:28 ] [ ID #636648 ]

Re: taint problem 2

Obantec Support wrote:
> Gunnar Hjalmarsson wrote:
>> Obantec Support wrote:
>>> using the code i found in programming perl
>>>
>>> $keycode =~/([\w-. ]+)/;#untaint a tainted user input
>>> my $code = $1;
>>
>> Where in "Programming Perl" did you find that code?
>
> My mistake i did find a similar code on page 562 but for some reason went
> with some code i must have googled.
>
>> Let the dash be the first (or last) char within brackets:
>>
>> [-\w. ]
>>
>> (or else Perl thinks it's a range).
>
> http://gunther.web66.com/FAQS/taintmode.html your site? has similar code.

No, it's not my site. What made you ask that?

That site seems to be written by some wannabe Perl helper who tries to
explain taint mode with code that doesn't pass warnings!!

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
Gunnar Hjalmarsson [ Do, 10 Februar 2005 16:53 ] [ ID #636650 ]
Perl » alt.perl » taint problem 2

Vorheriges Thema: building hash from stream based string with unknown number of lines?
Nächstes Thema: How often to you rape your computer ???

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum