From: Andreas Beck (becka uni-duesseldorf.de)
Date: Mon Jun 17 2002 - 12:26:33 CDT
Marco van Berkum <m.v.berkum obit.nl> wrote:
> this line "$host =~ s/[;<>\*\|'&\$!?#\(\)\[\]\{\}:'"\\]//g;" under it and
> Well, yes, it does parse out some metacharacters, but, the " ` " (backtick)
> is not filtered out in any way. (probably one of the two quotes " ' " should be
> a backtick). Also the slash and the hyphen are not filtered.
>
> Second fix: replace the second quote by a backtick and add slash and hyphen
> to the filter :)
Umm - it's a traceroute-sort-of-thing - right? So why not fix it with a
whitelist instead of a blacklist?
Allowed domain names should be within [a-zA-z-.]* - right?
To cater for IPv6 one could add the colon (unless that poses a problem -
I see it filtered out above ...), and be done with it.
CU, Andy
-- Andreas Beck | Email : <beckauni-duesseldorf.de>
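
The whitelist approach suggested in the reply above, as an added example (not code from the thread or from the script under discussion). The helper name validate_host, the sample inputs, the inclusion of digits and the traceroute path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: returns the host unchanged if acceptable, undef otherwise.
sub validate_host {
    my ($host) = @_;
    return unless defined $host && length $host && length($host) <= 255;

    # Whitelist, anchored with \A and \z so the whole string must match
    # (a plain $ would still accept a trailing newline).
    # The range is written A-Z: in ASCII, A-z would also admit [ \ ] ^ _ and
    # the backtick. Digits (an assumption added here) cover IPv4 addresses
    # and numeric labels; the colon covers IPv6 literals.
    return unless $host =~ /\A[a-zA-Z0-9.:-]+\z/;

    # A leading hyphen would be read by the traceroute binary as an option.
    return if $host =~ /\A-/;

    return $host;
}

# Constructed sample inputs (not taken from the thread).
my @samples = (
    'www.example.com',
    '192.0.2.10',
    '2001:db8::1',
    'example.com`id`',
    'example.com;id',
    '-w',
    "example.com\n",
);

for my $input (@samples) {
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible in output
    my $ok = validate_host($input);
    printf "%-20s %s\n", $shown, defined $ok ? 'accepted' : 'rejected';
    # An accepted value would then be passed in list form, which runs the
    # program directly with no shell to interpret metacharacters
    # (binary path assumed):
    #   system('/usr/sbin/traceroute', $ok);
}
```

Only the first three samples are accepted; the whitelist rejects everything outside the allowed set without having to enumerate each dangerous character.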