
Tainting Untainting

  • Lou Hernsen
    Message 1 of 1, Feb 2, 2007
      Tainting Untainting

      I am trying to write code that ensures safe input from a form.
      This is what I have come up with after a few days of study...
      Being that I am a beginner at this I am sure it is quite incomplete,
      but I don't know how.

      Help? Ideas? Pointers?
      Thanks
      Lou


      use strict;
      use warnings;

      # Sample input; in the real script this comes from the form field.
      my $value = defined $ARGV[0] ? $ARGV[0] : '';

      # Placeholder for the poster's own error-page routine.
      sub FailPage { print "$_[0]\n"; exit 1; }

      # chomps \n's
      $value =~ s/\n//g;
      # deletes embedded HTML comments - Security measure to prevent subverting
      # server side includes (non-greedy with /s, so each comment is removed on
      # its own instead of everything between the first "<!--" and the last "-->")
      $value =~ s/<!--.*?-->//gs;
      # Filters out everything not in this list a-zA-Z0-9\.\-\_\@
      $value =~ s/[^a-z0-9\.\-\_\@]//ixg; # i=ignore case x=ignore whitespace g=all occurrences
      # Check for email address. if an @ appears, split and reconstitute as an
      # email address (the original test m/@*\./ was true for any value containing a dot)
      if ($value =~ m/\@/) # email address
      {
          #### This will untaint for -T: captures from a successful match are untainted.
          #### Only assign when the match succeeds, otherwise $1/$2 hold stale values.
          if ($value =~ m/^([\w.-]+)\@([\w.-]+)$/)
          {
              $value = "$1\@$2";
          }
      }
      # delete leading dashes
      $value =~ s/^-+//;
      # delete commands system, exec & unlink
      if ($value =~ m/system/i || $value =~ m/exec/i || $value =~ m/unlink/i)
      {
          FailPage("Unsafe verbiage is being used.<BR>Do not use the phrase \"$value\"");
      }
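An allowlist version of the same checks, as an added example (not code from the post): instead of deleting characters and then blacklisting words like "system", each field is matched against an anchored pattern and the capture is used, which is what clears the taint flag under -T; anything that does not match is rejected outright. The field names and values are constructed for the example.

```perl
#!/usr/bin/perl -T
# Allowlist-based untainting for form fields (added example, not the poster's code).
use strict;
use warnings;

# Accept a plain identifier: letters, digits, dot, dash, underscore, no leading dash.
# Returns the untainted value, or undef if the input does not match.
sub untaint_identifier {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\r?\n//g;                     # drop line breaks before matching
    return $raw =~ /\A([a-zA-Z0-9_.][a-zA-Z0-9_.\-]{0,63})\z/ ? $1 : undef;
}

# Accept a simple e-mail address: local part, "@", domain with at least one dot.
# The whole value must match; the capture $1 is what clears taint mode.
sub untaint_email {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\r?\n//g;
    return $raw =~ /\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/ ? $1 : undef;
}

# Hypothetical form submission (values constructed for the example).
my %form = (
    user  => "lou-1",
    email => "lou\@example.com",
    cmd   => "x; unlink /etc/passwd",
    html  => "<!-- #exec cmd=\"ls\" -->bob",
);

for my $field (sort keys %form) {
    my $clean = $field eq 'email'
        ? untaint_email($form{$field})
        : untaint_identifier($form{$field});
    printf "%-6s %s\n", $field, defined $clean ? "ok: $clean" : "rejected";
}
```

Run it with `perl -T` to confirm that the returned captures can be passed to file or system operations without a "Insecure dependency" error, while the rejected values never reach that point.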