regex - I believe this Perl script is secure. Can it be improved? -

-

I have the following Perl script one (not yet because I took it down) a URL like

Click on 
  http://www.joereddington.com/testsound/getsound.pl?text=hello%20mum

and then find the file 

  http://www.joereddington.com/testsound/hope.wav

There is a recording of computer voice "Hello mother" 

 < Code> #! Use / usr / bin / perl strict; Use warnings; Use CGI qw (: standard-debug); My $ text = param ('text'); $ Text = ~ s / [^ 0-9a-zA-Z \ s] // g; Print "content-type: text / html \ n \ n"; System ("/ home8 / projedf4 / tts / espeak-1.48.04-source / src / speak \" $ text \ "-w hope.wav");

I am a little worried about users possibly taking advantage of injection attacks and in this way I believe I have done enough with the line 

  $ text = ~ s / [^ 0-9a-zA-Z \ s] // g;

Because I'm just really removing everything that can harm the string.

But is it enough? I as far as 

  $ text = ~ s / [^ 0- 9a-zA-Z \ s \.], / G;

Yes, your code is correct ( perl , < Code> Talk , DOS Invasion, etc.), specializing in - with speaking assessing only one argument.

But it can be improved.

  1. There is no need to remove so many letters. 

      sub-x00 /; My $ lit = $ _; $ Litt = ~ s / '/' \\ '' / g; "'$ Row' '' '@_}} $ Text = ~ s / ^ - + //; system (shell_kot (' /.../bol ', $ text,' -va ',' hope. ') );

    or 

      Use string: Shell quat quad (shell_kota); $ Text = ~ s / ^ - + //; system (Shell_kot ('/.../bol', $ text, '-va', 'hope.' '));

  2. Launch a shell too Do not need to. 

      If $ text = ~ / \ x00 /; $ Text = ~ s / ^ - + //; system ('/.../bol', $ Text, '-va', 'hope.');

  3. If your supports supports - , you can also use If the $ text = ~ / \ x00 /; system ('/.../bol', '-va', 'hope', '' ',' $ text, if die;

    );

Comments

Post a Comment

Popular posts from this blog

c++ - C/pp Sockets, recv()/send() works only under gdb -

-
Edit: In the socket: The CanReceive () argument was the reason I was checking the input 1 millisecond While stepping into GDB, everything worked out. I have a problem with C sock send () / recv () do nothing if they are in non-debug mode. Even if std :: cout can not return their return value for some reason std :: cout is not working in my method I std: : Cerr can not even make a mistake It does not make sense to check that in GDB, because everything works perfectly as a virus in non-debug mode. C does not. //b - buffer // s - size // sd - socket descriptor int32_t TCP :: reception (char * b, uint32_t s) {error :: critical. SetErrorNumber (error: List :: noor); If (! Socket :: valid (sd)) {error :: serious .sitemember (error :: list :: invalid socket); Return -1; } If (Disconnect ()) {Error :: Critical. SetErrorNumber (Error :: List :: Notepanked); Return -1; } If returned (! Socket :: canvasive (SD, readtimeout)) incorrect; If (! B) {B = new four [S + 1]; Std :: mem...
Read more

GO: Serve static pages -

-
I'm trying to display a static page with Go. Go: Package main import "net / http" function main () {fs: = http.FileServer (http.Dir ("static / house")) Http: .handle ("/", fs) http.ListenAndServe (": 4747", zero)} directory: project / stable home Html edit.html project.go When I run it, the web page displays links to edit.html and home.html instead of displaying a static page from home.html is. What am I doing wrong. Is this the best way to serve files? I know that there are other ways like From the HTML / templates package, but I'm not sure what is the difference between each of these methods and when. Thanks! fancy main () {http.Handle ("/", http.FileServer (Http) .ir ("static")) http.ListenAndServe (": 4747", zero)} You do not need static / home , just Static . and when you do not have index.html in / static , the directory instead Content appears. Just change the name of...
Read more

objective c - How to open front/back camera at the same time in iOS developing? -

-
I want to use the front and rear camera at the same time in iOS development: when I take a photo back After the camera, the front camera can be opened and another can take a photo. By the way, these two photos are in a picture: vertical arrangement. Has anyone done this before? UIImagePickerController to take the picture, and to determine which camera is used Is in. / P> To merge the pictures, I found an example through search (its recommendation in the future)
Read more