On Jan 11, 8:21 am, nore...@gunnar.cc (Gunnar Hjalmarsson) wrote:
> Adam Jimerson wrote:
> > Gunnar Hjalmarsson wrote:
> >> You don't say what to do if the untainting fails. This code:
>
> >> if ($name =~ /^([...@\w.]+)$/) {
> >> $name = $1;
> >> };
>
> >> should better be:
>
> >> if ($name =~ /^([...@\w.]+)$/) {
> >> $name = $1;
> >> } else {
> >> die "Untainting of the name failed";
> >> }
>
> >> Please consider, for instance, what happens if the user submits both a
> >> first and last name.
>
> > It seems I overlooked the space, is it possible to include spaces in the
> > search string?
>
> Of course it is. What you call search string is a regular expression.
>
> Obviously you have some reading to do:
>
> http://perldoc.perl.org/perlrequick.html
>
> http://perldoc.perl.org/perlretut.html
>
> http://perldoc.perl.org/perlre.html
>
>
>
> >> Since this is about a contact form, I can't help calling your attention
> >> to my contact form module. The link in the sig below takes you to a form
> >> that was created by that module. The whole code that is needed, given
> >> that the form has been installed, is:
>
> >> #!/usr/bin/perl -T
> >> use CGI::ContactForm;
>
> >> contactform (
> >> recname   => 'My Name',
> >> recmail   => '....@example.com',
> >> styleurl  => '/style/ContactForm.css',
> >> );
>
> >> You find the module at CPAN:
> >> http://search.cpan.org/dist/CGI-ContactForm/
>
> > Your form looks interesting, but in the long run I think it would benefit me
> > more learning-wise to fix my program.
>
> For some definition of benefit, maybe. ;-)
>
> --
> Gunnar Hjalmarsson
> Email: http://www.gunnar.cc/cgi-bin/contact.pl

Yeah, I looked it up and all I needed to do was add \s for whitespace.
Now that that is solved and everything is working, the question comes
to mind (I'm sure a Google search would help me here): what if the
program handled uploaded files? Would they need to be untainted as
well, and if so, how? Perlsec didn't cover that, but I figure that
something like that is kind of advanced to include in a doc page.


--
To unsubscribe, e-mail: beginners-cgi-unsubscr...@perl.org
For additional commands, e-mail: beginners-cgi-h...@perl.org
http://learn.perl.org/
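
The capture-or-die untainting pattern discussed in this thread, as an added example that is not code from either poster or from CGI::ContactForm. It also applies the pattern to a client-supplied upload filename. The function names, allow-lists, length limits and sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Untaint a personal name: capture against an allow-list, die on mismatch.
# The character class is an assumption for this example. A literal space is
# used instead of \s (which also admits tabs and newlines), and \z instead
# of $ (which tolerates a trailing newline).
sub untaint_name {
    my ($name) = @_;
    if ($name =~ /\A([\w.' -]{1,100})\z/) {
        return $1;    # a capture from a successful match is untainted
    }
    die "Untainting of the name failed\n";
}

# Untaint a client-supplied upload filename before it reaches open().
sub untaint_upload_filename {
    my ($client_name) = @_;
    (my $base = $client_name) =~ s{.*[/\\]}{}s;    # drop any directory part
    # The first character must be alphanumeric: no dotfiles, no leading "-".
    if ($base =~ /\A([A-Za-z0-9][\w.-]{0,99})\z/) {
        return $1;
    }
    die "Untainting of the upload filename failed\n";
}

# Constructed sample input. Appending a zero-length slice of $^X (tainted
# under -T) marks each literal as tainted, as form data would be.
my $taint = substr($^X, 0, 0);
my @cases = (
    [ \&untaint_name,            "Adam Jimerson"    ],
    [ \&untaint_name,            "Adam\nJimerson"   ],
    [ \&untaint_upload_filename, "C:\\tmp\\cv.pdf"  ],
    [ \&untaint_upload_filename, "../../etc/passwd" ],
    [ \&untaint_upload_filename, "report.pdf|"      ],
);
for my $case (@cases) {
    my ($check, $raw) = @$case;
    my $clean = eval { $check->($raw . $taint) };
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-18s => %s\n", $shown,
        defined $clean
        ? "'$clean' (tainted: " . (tainted($clean) ? "yes" : "no") . ")"
        : "rejected";
}
```

The filename check keeps only the last path component, so `../../etc/passwd` comes back as `passwd`; the result is meant to be joined to a fixed upload directory chosen by the program, never used as a path on its own.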

