tedd <tedd@sperling.com> wrote:

>My concern is that the user may enter:
>1. Too much text and overfill the edit fields. When this is done, it
>creates problems.

a quick, easy and painless method - limit the size of the HTML fields
more painful method - use length() to check the length of the input

===test script===
#!perl -w
$test = "this is a string";
# length() returns the number of characters in the string
print length($test), "\n";
===end of test script===

and do what you want to do accordingly (notify the user they've goofed, silently chop the query up into smaller bits, ...)

>2. Control characters which can fool my cgi script into thinking that
>more news stories have been added than what's actually been entered.

use the 'tr' command to kill the characters you don't want

===test script===
#!perl -w
$test = "this* is a* string /\"'()~[]@.,;:&%-=";
# delete every character in the list; the hyphen is escaped so that
# %-= is not read as a range (which would also delete digits, * and +)
$test =~ tr/\/"'()~[]@.,;:&%\-=//ds;
print "$test\n";
===end of test script===

as to malicious use of control characters,

* Make sure that any input from users is handled in single quotes:-

'this is a string in single quotes\n\n unlink(*.*)'

this means Perl will read the input as text rather than potential Perl commands.

* Don't use system(), exec() on user input
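
An added example, not part of the original post: one server-side routine that applies both suggestions above, a length check and `tr` deletion of control characters, to each form field. The field names `headline` and `story`, their limits, and the `clean_field` helper are hypothetical, and the sample input is constructed.

```perl
#!perl -w
use strict;

# Hypothetical limits for a news-story form; adjust to the real field sizes.
my %MAX_LEN = (headline => 80, story => 2000);

# Returns (cleaned_value, list_of_problems) for one form field.
sub clean_field {
    my ($name, $value) = @_;
    my @problems;
    $value = '' unless defined $value;

    # Normalise line endings first so CR, CRLF and LF all count the same.
    $value =~ s/\015\012?/\012/g;

    # Delete control characters. Tab and newline are kept only in the
    # multi-line story field; a single-line field keeps neither.
    my $removed = ($name eq 'story')
        ? ($value =~ tr/\000-\010\013-\037\177//d)
        : ($value =~ tr/\000-\037\177//d);
    push @problems, "removed $removed control character(s)" if $removed;

    # Enforce the length limit on the server; the HTML maxlength attribute
    # is only a hint to the browser and can be bypassed.
    my $max = $MAX_LEN{$name};
    if (defined $max && length($value) > $max) {
        push @problems, "truncated from " . length($value) . " to $max characters";
        $value = substr($value, 0, $max);
    }
    return ($value, @problems);
}

# Constructed sample input: an over-long headline with an embedded newline,
# and a story containing a NUL and an escape character.
my %form = (
    headline => "Budget approved\nFAKE SECOND STORY" . ("x" x 100),
    story    => "Council met on Monday.\r\nVote was 5\0 to 2\033.",
);

for my $name (sort keys %form) {
    my ($clean, @problems) = clean_field($name, $form{$name});
    print "$name: ", length($clean), " chars\n";
    print "  note: $_\n" for @problems;
}
```

If the script stores stories with a delimiter other than newline, that delimiter has to be deleted or escaped in the same step.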