On Apr 22, JupiterHost.Net said:

>Damon McMahon wrote:
>
>> I have an externally supplied attachment filename which I need to
>> untaint but still use. I'd like to replace any unsafe characters with
>> underscores. This is what I've tried:
>>
>> $attach_name =~ s/[^\w\s\-\.]/_/;
>> $safe_attach_name = $1;
>
>I imagine you want to do it more than once so add the g...
>Plus you have no parens to capture anything to $1
>
>my $safe = $attach_name;
>$safe =~ s/[^\w\s\-\.]/_/g;

That won't help. If $attach_name is tainted, $safe will still be tainted.
Here's how to do it:

  # copy attachment name, remove "bad" characters
  (my $safe = $attach_name) =~ s/[^\w\s.-]+//g;

  # and then $1-ize it
  ($safe) = $safe =~ /([\w\s.-]+)/;

-- 
Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/
RPI Acacia brother #734 http://www.perlmonks.org/ http://www.cpan.org/
CPAN ID: PINYAN [Need a programmer? If you like my work, let me know.]
<stu> what does y/// stand for? <tenderpuss> why, yansliterate of course.
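
The point made in the reply above, shown as an added example that is not part of the original thread: a substitution on a copy leaves the taint flag set, while a regex capture clears it. The function name `safe_attachment_name`, the sample file name and the extra "." / ".." check are assumptions of this example; it keeps the underscore replacement the original question asked for. Run it with `perl -T` so taint mode is on.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Replace every character outside the allow-list with "_", then untaint by
# capturing the result. Only data extracted through a regex capture group
# loses its taint; a plain copy or an s/// on that copy does not.
sub safe_attachment_name {
    my ($name) = @_;
    return unless defined $name && length $name;

    # Same character class as in the thread, replacing instead of deleting.
    (my $clean = $name) =~ s/[^\w\s.-]/_/g;

    # Anchored capture: the whole cleaned string must match the allow-list.
    my ($safe) = $clean =~ /\A([\w\s.-]+)\z/ or return;

    # Extra check (an assumption of this example, not from the thread):
    # "." and ".." pass the character class but are not usable file names.
    return if $safe =~ /\A\.{1,2}\z/;
    return $safe;
}

# Constructed sample input. Appending a zero-length slice of "$0$^X", which
# is tainted under -T, marks the string as tainted like external input.
my $attach_name = 'report 2005/04;rm?.pdf' . substr("$0$^X", 0, 0);

# Substitution alone: the characters are cleaned, the taint flag stays.
my $copy = $attach_name;
$copy =~ s/[^\w\s.-]/_/g;

# Substitution followed by capture: cleaned and untainted.
my $safe = safe_attachment_name($attach_name);
die "name rejected\n" unless defined $safe;

for my $row ( [ 'original',        $attach_name ],
              [ 's///g on a copy', $copy ],
              [ 'after capture',   $safe ] ) {
    my ($label, $value) = @$row;
    printf "%-16s tainted=%s  '%s'\n",
        $label, (tainted($value) ? 'yes' : 'no'), $value;
}
```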