On Aug 2, Tom Allison said:
So.... I'm trying to get beyond this tainting stuff....
I tried $username =~ s/[EMAIL PROTECTED]//g;
but that doesn't seem to do it.
Detainting via a regex requires you use text that matched; what this means
is you must use a capture variable. In your case, you can do your removal
of invalid characters and then use (.*) to untaint:
$username =~ s/[EMAIL PROTECTED]//g; # remove unwanted characters
($username) = $username =~ /(.*)/s; # match everything and store
Is there a perldoc I need to read?
The 'perlsec' docs. They have a rather apropos example:
if ($data =~ /^([EMAIL PROTECTED])$/) {
$data = $1; # $data now untainted
} else {
die "Bad data in '$data'"; # log this somewhere
}
--
Jeff "japhy" Pinyan % How can we ever be the sold short or
RPI Acacia Brother #734 % the cheated, we who for every service
http://japhy.perlmonk.org/ % have long ago been overpaid?
http://www.perlmonks.org/ % -- Meister Eckhart
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
