On Tue, 16 Apr 2002, Stas Bekman wrote: > > + ($tmpfile) = $tmpfile =~ /^([^<>|;*]+)$/; #untaint > > Doug, will this do the right thing on all platform? I'm simply looking for > a similar solution to a bug in Cwd.pm to generically untaint a path. > Shouldn't '?\[\]' be in the forbidden set? These are all parts of the > wild chars set (at least in the shells that I know).
wild chars sets won't do much good if a shell can't be spawned, which is what ; and | prevent. the '*' probably doesn't need to be there. i dunno, this has been the same for years. if there's a better "standard" untaint expression, feel free to update it. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
