--- Alen Sarkinovic <[EMAIL PROTECTED]> wrote:
> I'm using this format for untainting data:
> 
> if ($data =~ /^([-\@\w.]+)$/) {
>       $data = $1;
> 
> but, I would like to allow char : +  ,and ,char : space , to be entered into the $data
> What code will do that?
> Thanks        

How do you know if the untainting succeeded?  Since you are assigning back to the same
variable (unless you have an else that you didn't show us).  I like to assign to a 'dirty'
variable and then untaint to a clean one.  This is a lot safer.  If a maintenance programmer
comes along and removes the 'else', then you have a security issue.  This will do what you
want (if I understood you correctly):

my ( $data ) = ( $dirty_data =~ /^([-\@\w.:+, ]+)$/ );

Note that a character class does not respect metacharacters like a normal regex.  You don't
need to escape most characters.

Cheers,
Curtis Poe

=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
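
The difference between the in-place form and the dirty/clean form discussed above, as an added example that is not part of the original message. The function names and sample inputs are constructed for illustration.

```perl
use strict;
use warnings;

# Character class from the reply: word characters plus - @ . : + , and space.
my $ALLOWED = qr/^([-\@\w.:+, ]+)$/;

# In-place form from the question, with no else branch: on a failed match
# $data simply keeps the rejected value (and, under -T, stays tainted).
sub untaint_in_place {
    my ($data) = @_;
    if ( $data =~ $ALLOWED ) {
        $data = $1;
    }
    return $data;
}

# Dirty/clean form from the reply: on a failed match the list assignment
# leaves $clean undefined, so the caller can test for failure.
sub untaint_to_clean {
    my ($dirty_data) = @_;
    my ($clean) = ( $dirty_data =~ $ALLOWED );
    return $clean;
}

# Constructed sample inputs (hypothetical form values).
my @samples = ( 'user+tag@example.com', 'Smith, John', 'report|more', 'a b<c>' );

for my $dirty (@samples) {
    my $in_place = untaint_in_place($dirty);
    my $clean    = untaint_to_clean($dirty);
    printf "%-24s in-place: %-24s clean: %s\n",
        "'$dirty'", "'$in_place'",
        defined $clean ? "'$clean'" : 'undef (rejected)';
}
```

For the two rejected inputs the in-place version hands back the original string unchanged, while the clean variable is undefined and can be checked with `defined` before use.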
