CGI Parameter Validation: Simple Validation (3 of 32)

Quick & Dirty

Okay, let's improve the script a bit:

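#!/usr/bin/perl -wT
use strict;

use CGI;

my $cgi = CGI->new;
my $action = $cgi->param('action');
die "Invalid parameter" unless defined $action;

# A successful match alone leaves $action tainted; only the captured
# group ($1) is untainted. \z also rejects a trailing newline.
die "Invalid parameter" unless $action =~ /^([\w\.\-]+)\z/;
$action = $1;

# Three-argument open: the value is only ever treated as a file to read.
open my $fh, '<', $action or die "cannot open file: $!\n";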

By adding -T we turn on taint mode, so Perl checks whether our variables are tainted. By adding the regex check we untaint the value of the variable $action.
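To see the difference between validating and untainting, the following added example (not part of the original slides) runs a match-only check and a capturing check over constructed sample values and reports the taint status with Scalar::Util's tainted(). The helper name untaint_filename and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run this with taint mode on: perl -T <script>\n" unless ${^TAINT};

# Zero-length tainted string; appending it taints a constructed sample
# the same way a real CGI parameter would be tainted.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical helper: return an untainted copy of $name if it consists
# only of word characters, dots and hyphens, otherwise undef.
sub untaint_filename {
    my ($name) = @_;
    return undef unless defined $name;
    # \z (not $) so a trailing newline is rejected; the capture untaints.
    return $name =~ /^([\w.\-]+)\z/ ? $1 : undef;
}

# Constructed sample inputs, not taken from the original page.
my @samples = ('report.txt', '../secret', "notes.txt\n", 'a b', '');

for my $raw (@samples) {
    my $value = $raw . $TAINT;
    (my $shown = $raw) =~ s/\n/\\n/g;

    # A bare match test validates but leaves the variable tainted.
    my $matched = $value =~ /^[\w.\-]+$/ ? 1 : 0;
    my $clean   = untaint_filename($value);

    printf "%-14s match-only: ok=%d tainted=%d | capture: %s\n",
        "'$shown'", $matched, tainted($value) ? 1 : 0,
        defined $clean
            ? "accepted, tainted=" . (tainted($clean) ? 1 : 0)
            : "rejected";
}
```

The sample with a trailing newline passes the `$`-anchored match-only test but is rejected by the `\z`-anchored capture.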


© 2003 Barbie barbie@missbarbell.co.uk Home http://birmingham.pm.org/