On Mon, 18 Jun 2001, Deja User wrote:

> $value =~ s/(\.\.|\|$)//g;

Try $value = "echo gotcha|..".

Omitting $ in s/(\.\.|\|$)//g would not be perfect either because one could synthesize ".." from ".|." (OTOH, it would not allow execution of commands).

The point is s/PATTERN//g removes occurrences of PATTERN in the original string but (unless PATTERN is rather special, like a set of single characters, e.g. [abc], or a repeated character, e.g. aaa or a*) it can create new occurrences.

The best thing you can do is to refuse to process a "poisoned" value rather than try to "neutralize" it. Another approach, still quite safe, is to filter out *all but known-to-be-harmless* characters with tr///. Anything else is too error-prone, IMHO.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
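The behaviour described in the message above, as an added example that is not part of the original post: it runs the quoted filter and its unanchored variant on the two inputs the message names, next to the refuse and tr/// approaches. The function names and the whitelist `A-Za-z0-9_-` are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The filter quoted in the message: strips ".." and a trailing "|".
sub neutralize {
    my ($value) = @_;
    $value =~ s/(\.\.|\|$)//g;
    return $value;
}

# Variant without the "$" anchor: strips ".." and every "|".
sub neutralize_no_anchor {
    my ($value) = @_;
    $value =~ s/(\.\.|\|)//g;
    return $value;
}

# Refuse: return the value only if every character is whitelisted
# (whitelist is an assumption), otherwise undef.
sub accept_or_refuse {
    my ($value) = @_;
    return $value =~ /\A[A-Za-z0-9_-]+\z/ ? $value : undef;
}

# Filter: delete all but the whitelisted characters (tr with /c /d).
sub keep_harmless {
    my ($value) = @_;
    (my $clean = $value) =~ tr/A-Za-z0-9_-//cd;
    return $clean;
}

# Inputs taken from the message, plus one constructed benign value.
for my $input ('echo gotcha|..', '.|.', 'report_2001') {
    my $verdict = defined(accept_or_refuse($input)) ? 'accepted' : 'refused';
    print "input:             '$input'\n";
    print "  quoted filter:   '", neutralize($input), "'\n";
    print "  without anchor:  '", neutralize_no_anchor($input), "'\n";
    print "  refuse approach: $verdict\n";
    print "  tr whitelist:    '", keep_harmless($input), "'\n";
}
```

For "echo gotcha|.." the quoted filter removes the ".." and leaves a trailing "|" that was not at the end of the original string; for ".|." the unanchored variant leaves "..".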
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 08:20:29 PDT