Hi people,
I know this isn't the Perl mailling list but I hoped that someone who knows
it well enough and has possibly done something similar to this may be able
to help me quickly and if they wish, off the list.
I am submitting a FORM on a web page and want to make sure noone tries to
exploit commands submitted to the POST action, so PerlDocs showed something
like this...
if ($data =~ /^([-\@\w.]+)$/) {
$data = $1; # $data now untainted
} else {
die "Bad data in $data"; # log this somewhere
}
I tried this and it seemed to work in a test.cgi program but on the live one
it keeps saying the data is bad even when the dat submitted contained only
TEXT characters..
I really don't understand the test line above but it says that it only
allows text,@,-,.,0-9 characters only.
any help would be great.
thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
