[ale] One for the Perl Gurus

Robert L. Harris Robert.L.Harris at rdlg.net
Tue Jan 10 12:01:33 EST 2006



Ok,
  I'm working on a perl script that plugs into my irssi irc client.
It's basically used for storing information useful to us.  At atny rate
it's standard perl with the exception of some modules that plug it into
irssi.  I have a section of the script which reads like this:


      if (( $Data =~ /$Target/ix ) || ($Topic =~ /$Target/ix )) {
        push(@tmp, $Topic);
      }


$Data is a string read from a file in this case and $Target is a string
fed in when a user in an irc channel activates the script.  For example
the user could say:

match foobar

$Target would be foobar.  The problem though is that one of my coworkers
likes to try and find holes and exploits in scripts, etc.  Right now
he's found that if he does:

 match ..*|.*+|+.+*|.?+|.\?({}}|

I need a good way to sanitize the script other than to do a whole bunch
of :

$Target =~ s/\./\\./;


Any suggestions or anyone know a perl internal that'll let me manage the
comparisons in a manner that won't trigger the breakage?

Robert


:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B

DISCLAIMER:
      These are MY OPINIONS             "We can't solve problems by using
       ALONE.  I speak for                the same kind of thinking we used
       no-one else.                         when we created them."
                                          - Einstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature




More information about the Ale mailing list