--- Alen Sarkinovic <[EMAIL PROTECTED]> wrote:
> I'm using this format for untainting data:
>
> if ($data =~ /^([-\@\w.]+)$/) {
> $data = $1;
>
> but, I would like to allow char : + ,and ,char : space , to be entered into the $data
> What code will do that?
> Thanks

How do you know if the untainting succeeded? Since you are assigning back to the same variable (unless you have an else that you didn't show us). I like to assign to a 'dirty' variable and then untaint to a clean one. This is a lot safer. If a maintenance programmer comes along and removes the 'else', then you have a security issue. This will do what you want (if I understood you correctly):

my ( $data ) = ( $dirty_data =~ /^([-\@\w.:+, ]+)$/ );

Note that a character class does not respect metacharacters like a normal regex. You don't need to escape most characters.

Cheers,
Curtis Poe
=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
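
The dirty/clean pattern from the reply above, as an added example that is not part of the original message. The names untaint and $ALLOWED and the sample inputs are constructed for illustration; run it with perl -T so that taint mode is on.

```perl
# Added example: untaint into a separate variable and check the result.
# Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allow-list from the reply: word characters plus - @ . : + , and space.
my $ALLOWED = qr/^([-\@\w.:+, ]+)$/;

# Return a clean copy of $dirty, or undef if any character falls outside
# the allow-list. The dirty value is never overwritten, so a failed match
# cannot leave tainted data in the variable the rest of the program uses.
sub untaint {
    my ($dirty) = @_;
    return unless defined $dirty;
    my ($clean) = ( $dirty =~ $ALLOWED );    # empty list on failure
    return $clean;
}

# Constructed sample inputs. Appending a zero-length slice of a tainted
# value ($0 and $^X are tainted under -T) marks each literal as tainted.
my $taint   = substr( "$0$^X", 0, 0 );
my @samples = map { $_ . $taint } (
    'alen+list@example.com',     # uses the newly allowed '+'
    'Alen Sarkinovic',           # uses the newly allowed space
    'notes.txt; echo x',         # ';' is not in the class
    "name\nBcc: someone",        # embedded newline is not in the class
);

for my $dirty (@samples) {
    my $clean = untaint($dirty);
    ( my $shown = $dirty ) =~ s/\n/\\n/g;    # printable form for the report
    if ( defined $clean ) {
        printf "accepted '%s' (clean copy tainted: %s)\n",
            $clean, tainted($clean) ? 'yes' : 'no';
    }
    else {
        printf "rejected '%s' (input still tainted: %s)\n",
            $shown, tainted($dirty) ? 'yes' : 'no';
    }
}
```

Because $ also matches before a trailing newline, an input such as "abc\n" is accepted, but the captured clean copy is "abc" without the newline.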