Author taint problem 2
Obantec Support

2005-02-10, 8:56 am

Hi

Using the code I found in Programming Perl

$keycode =~/([\w-. ]+)/;#untaint a tainted user input
my $code = $1;

My error logs show

False [] range "\w-" before HERE mark in regex m/^([\w- << HERE !_]+).*/

for the line $keycode =~/([\w-. ]+)/

The only Google ref I found was for ipchains, but I'm not using that in this app.

Mark


Gunnar Hjalmarsson

2005-02-10, 8:56 am

Obantec Support wrote:
> Using the code I found in Programming Perl
>
> $keycode =~/([\w-. ]+)/;#untaint a tainted user input
> my $code = $1;


Where in "Programming Perl" did you find that code?

> My error logs show
>
> False [] range "\w-" before HERE mark in regex m/^([\w- << HERE !_]+).*/
>
> for the line $keycode =~/([\w-. ]+)/


Let the dash be the first (or last) char within brackets:

[-\w. ]

(or else Perl thinks it's a range).

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
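
An added example (not written by any poster in this thread) that puts the corrected character class into a complete untaint routine. The helper name `untaint_keycode` and the sample inputs are constructed for illustration; it also checks that the match succeeded before reading `$1`, and anchors the pattern so input is rejected rather than truncated.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T untaint_keycode.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: returns the untainted keycode, or undef when the
# input contains anything outside the allowed set.
sub untaint_keycode {
    my ($input) = @_;
    return unless defined $input;

    # The dash comes first in the class, so it is a literal dash and not
    # a range operator. \A and \z anchor the whole string (\z, unlike $,
    # does not tolerate a trailing newline).
    if ($input =~ /\A([-\w. ]+)\z/) {
        return $1;    # a capture from a successful match is untainted
    }

    # Never read $1 after a failed match: it still holds the capture
    # from the last successful match elsewhere in the program.
    return;
}

# Under -T, $0 and $^X are tainted, and so is a zero-length slice of
# them. Appending it taints the constructed samples below without
# changing their content.
my $taint = substr("$0$^X", 0, 0);

# Constructed sample inputs.
for my $sample ('AB-12.x y', 'key$code', "line\n", '') {
    my $keycode = $sample . $taint;
    my $code    = untaint_keycode($keycode);

    (my $shown = $sample) =~ s/\n/\\n/g;
    my $in_state = tainted($keycode) ? 'tainted' : 'clean';
    my $result   = defined $code
        ? "accepted '$code' (" . (tainted($code) ? 'tainted' : 'clean') . ")"
        : 'rejected';

    printf "%-14s input is %-8s => %s\n", "'$shown'", $in_state, $result;
}
```
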
Obantec Support

2005-02-10, 8:56 am

"Gunnar Hjalmarsson" <noreply@gunnar.cc> wrote in message
news:370vnuF58k0jtU1@individual.net...
> Obantec Support wrote:
>
> Where in "Programming Perl" did you find that code?
>
>
> Let the dash be the first (or last) char within brackets:
>
> [-\w. ]
>
> (or else Perl thinks it's a range).
>
> --
> Gunnar Hjalmarsson
> Email: http://www.gunnar.cc/cgi-bin/contact.pl


My mistake, I did find similar code on page 562 but for some reason went
with some code I must have googled.

http://gunther.web66.com/FAQS/taintmode.html your site? has similar code.

Fixed using page 562 code.

Mark


Gunnar Hjalmarsson

2005-02-10, 3:56 pm

Obantec Support wrote:
> Gunnar Hjalmarsson wrote:
>
> My mistake, I did find similar code on page 562 but for some reason went
> with some code I must have googled.
>
>
> http://gunther.web66.com/FAQS/taintmode.html your site? has similar code.


No, it's not my site. What made you ask that?

That site seems to be written by some wannabe Perl helper who tries to
explain taint mode with code that doesn't pass warnings!!

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl