Gunnar,

Thank you.  Excellent suggestion.
Undoubtedly I've gota lota unnecessary
untaintin' goin' on!

Thanks,
John Kent

-----Original Message-----
From: Gunnar Hjalmarsson [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 17, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Efficient Untaint?


Mr. John Kent wrote:
> Is there a more efficient/better way to untaint variables
> pulled from a cgi query object?
> 
> Here is an example of what I am currently doing:
> 
> #!/usr/bin/perl -wT
> use strict;
> use CGI;
> my($query) = new CGI;
> 
> # I then have 30  untaint checks like this before I start
> # coding.

Do all the 30 parameters need to be validated in the form of 
untainting? For params that will not be used directly in system 
operations, you may want to consider something simpler.

Personally I like to populate a hash with the CGI input, and assuming 
that has been done, and that you don't need to reassign the parameters 
in the CGI object, you could for instance do:

     $in{MOSAIC_SCALE} =~ /^\d+$/ or $in{MOSAIC_SCALE} = 20;

or even just:

     $in{MOSAIC_SCALE} ||= 20;

For params that need untainting, I like Jeff's suggestion.

-- 
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
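A worked version of Gunnar's two-tier approach, as an added example that is not from the thread: parameters used only internally are validated and given a default, while a parameter that will reach a system operation is untainted through a regex capture. The parameter names, defaults, patterns and query string are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): table-driven validation of CGI
# parameters under taint mode. Names, defaults and patterns are made up.
use strict;
use warnings;
use CGI;

# Constructed query string standing in for a real request; in a CGI
# program CGI->new with no argument reads the actual request instead.
my $query = CGI->new('mosaic_scale=25&file=report.txt&width=abc');

# Copy the input into a hash, as Gunnar suggests, one value per name.
my %in = map { $_ => scalar $query->param($_) } $query->param;

# Parameters only used internally: validate, fall back to a default.
# A match without a capture checks the value but does NOT untaint it,
# which is fine when the value never reaches open(), system() etc.
for my $p ([mosaic_scale => 20], [width => 640]) {
    my ($name, $default) = @$p;
    $in{$name} = $default
        unless defined $in{$name} && $in{$name} =~ /^\d+$/;
}

# Parameters that reach the filesystem or a shell must be untainted:
# only data extracted via a regex capture loses the taint flag.
my %untaint_rx = (
    # bare name plus optional extension: no slashes, no leading dot, no ".."
    file => qr/^(\w[\w-]*(?:\.\w+)?)$/,
);
for my $name (keys %untaint_rx) {
    if (defined $in{$name} && $in{$name} =~ $untaint_rx{$name}) {
        $in{$name} = $1;    # $1 is untainted; the original value was not
    } else {
        die "Invalid value for parameter '$name'\n";
    }
}

# $in{file} may now be passed to open() or system() under -T;
# $in{mosaic_scale} and $in{width} are validated but still tainted.
printf "scale=%d width=%d file=%s\n", @in{qw(mosaic_scale width file)};
```

Run it as `perl -T script.pl` (the -T must also be given on the command line, otherwise Perl reports "Too late for -T"); the constructed input yields scale 25, width falling back to 640, and file report.txt.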
