Tracy Hurley wrote:

Camilo,

I don't think you need to put $email in quotes to do the check, but it works if you do. Try this:

if $email =~/@.*@/g || $email =~ /\n/s;

It still might not be secure depending on how $email is being used later. Is it used in a system() call? In open()? In backticks? What about the whitespace? What if there is "\r" in $email? What about ";"? "\0"?


I would suggest matching safe characters, not the unsafe ones, because it's easy to overlook something. Camilo, it's very good that you use the taint mode here. Check out CGI::Untaint::email, this is exactly what you need:

http://search.cpan.org/search?module=CGI::Untaint::email
http://search.cpan.org/search?module=CGI::Untaint

It's used like this:

use CGI;
use CGI::Untaint;
my $cgiobj  = CGI->new;                          # the query object whose parameters are tainted
my $untaint = CGI::Untaint->new($cgiobj->Vars);  # hashref of all parameters
my $email   = $untaint->extract(-as_email => 'email');  # undef if 'email' is not a valid address

You should do the same with other parameters, like name and address. You might need to write your own handler, but it's very easy. Here's an example from the CGI::Untaint documentation, to match a single digit:

package Mysite::CGI::Untaint::digit;   # used as: $untaint->extract(-as_digit => 'field')
use base 'CGI::Untaint::object';
sub _untaint_re { qr/^(\d)$/ }         # anchored; only the captured group is returned untainted
1;

--
ZSDC
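A whitelist handler for a name field of the kind ZSDC describes, shown together with the built-in email handler. This is an added example, not code from the thread or from the CGI::Untaint documentation; the Mysite::CGI::Untaint::name package, the INCLUDE_PATH value and the sample parameters are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: a safe-character (whitelist) handler for a "name" parameter,
# plus CGI::Untaint's own email handler, run over constructed sample input.
use strict;
use warnings;

# Handler package. In a real application this goes in its own file,
# Mysite/CGI/Untaint/name.pm; the %INC entry lets require succeed inline.
BEGIN { $INC{'Mysite/CGI/Untaint/name.pm'} = __FILE__ }

package Mysite::CGI::Untaint::name;   # hypothetical namespace
use base 'CGI::Untaint::object';

# Letters, space, apostrophe and hyphen only, 1-60 characters, anchored at
# both ends. Only what the capture matches is handed back untainted, so
# ";", "\r", "\0" and shell metacharacters can never get through.
sub _untaint_re { qr/^([A-Za-z' -]{1,60})$/ }

package main;
use CGI::Untaint;

# Constructed sample input standing in for $cgiobj->Vars.
my %params = (
    email => 'user@example.com',
    name  => "O'Brien; rm -rf /",   # the name handler rejects this
);

# INCLUDE_PATH tells CGI::Untaint where to look for -as_name etc.
my $untaint = CGI::Untaint->new(
    { INCLUDE_PATH => 'Mysite::CGI::Untaint' }, \%params);

my $email = $untaint->extract(-as_email => 'email');
my $name  = $untaint->extract(-as_name  => 'name');

print defined $email ? "email ok: $email\n"
                     : 'email rejected: ' . $untaint->error . "\n";
print defined $name  ? "name ok: $name\n"
                     : 'name rejected: '  . $untaint->error . "\n";
```

With the sample input the email is accepted and the name is rejected; a plain "O'Brien" would pass the name handler.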

