Re: p. 561 in camel book.

2005-05-20 Thread John Doe
On Friday, 20 May 2005 02.52, Randal L. Schwartz wrote: > > "Charles" == Charles K Clarkson <[EMAIL PROTECTED]> writes: > > Charles> So what should be written there? How does the OP untaint data > properly? > There is never a general answer to that question. "data" doesn't have > an "

Re: p. 561 in camel book.

2005-05-20 Thread John Doe
On Friday, 20 May 2005 01.24, Randal L. Schwartz wrote: > > "John" == John Doe <[EMAIL PROTECTED]> writes: > > John> Imagine the above tainted() without the '#' in the evaled string, and > $data John> contains 'system ("rm -rf;")': > > John> 1. $nada would be executed > John> 2. the quotes a

Re: p. 561 in camel book.

2005-05-19 Thread Randal L. Schwartz
> "Charles" == Charles K Clarkson <[EMAIL PROTECTED]> writes: Charles> So what should be written there? How does the OP untaint data properly? There is never a general answer to that question. "data" doesn't have an "untaint". Instead, write a specific regex for the narrowest possible

RE: p. 561 in camel book.

2005-05-19 Thread Charles K. Clarkson
Randal L. Schwartz wrote: : When *I* was in charge of the camel book (first and second editions), : such crap would never have remained. {sigh} So what should be written there? How does the OP untaint data properly? Charles K. Clarkson -- Mobile Homes Specia

Re: p. 561 in camel book.

2005-05-19 Thread Randal L. Schwartz
> "John" == John Doe <[EMAIL PROTECTED]> writes: John> Imagine the above tainted() without the '#' in the evaled string, and $data John> contains 'system ("rm -rf;")': John> 1. $nada would be executed John> 2. the quotes around the evaled string would not be necessary But this is still bro

Re: p. 561 in camel book.

2005-05-19 Thread John Doe
On Thursday, 19 May 2005 22.11, Matthew Sacks wrote: > Greetings, > This is the sort of little question that drives me nuts. > I am reading about tainting/taintedness etc. in the Camel book. Look at p. > 561 for an example of a perl subroutine that tests data to see if it is > tainted, returni

p. 561 in camel book.

2005-05-19 Thread Matthew Sacks
Greetings, This is the sort of little question that drives me nuts. I am reading about tainting/taintedness etc. in the Camel book. Look at p. 561 for an example of a perl subroutine that tests data to see if it is tainted, returning true or false. It contains this line (writing from memory):