regex - I believe this Perl script is secure. Can it be improved? -

-

I have the following Perl script one (not yet because I took it down) a URL like

Click on 
  http://www.joereddington.com/testsound/getsound.pl?text=hello%20mum

and then find the file 

  http://www.joereddington.com/testsound/hope.wav

There is a recording of computer voice "Hello mother" 

 < Code> #! Use / usr / bin / perl strict; Use warnings; Use CGI qw (: standard-debug); My $ text = param ('text'); $ Text = ~ s / [^ 0-9a-zA-Z \ s] // g; Print "content-type: text / html \ n \ n"; System ("/ home8 / projedf4 / tts / espeak-1.48.04-source / src / speak \" $ text \ "-w hope.wav");

I am a little worried about users possibly taking advantage of injection attacks and in this way I believe I have done enough with the line 

  $ text = ~ s / [^ 0-9a-zA-Z \ s] // g;

Because I'm just really removing everything that can harm the string.

But is it enough? I as far as 

  $ text = ~ s / [^ 0- 9a-zA-Z \ s \.], / G;

Yes, your code is correct ( perl , < Code> Talk , DOS Invasion, etc.), specializing in - with speaking assessing only one argument.

But it can be improved.

  1. There is no need to remove so many letters. 

      sub-x00 /; My $ lit = $ _; $ Litt = ~ s / '/' \\ '' / g; "'$ Row' '' '@_}} $ Text = ~ s / ^ - + //; system (shell_kot (' /.../bol ', $ text,' -va ',' hope. ') );

    or 

      Use string: Shell quat quad (shell_kota); $ Text = ~ s / ^ - + //; system (Shell_kot ('/.../bol', $ text, '-va', 'hope.' '));

  2. Launch a shell too Do not need to. 

      If $ text = ~ / \ x00 /; $ Text = ~ s / ^ - + //; system ('/.../bol', $ Text, '-va', 'hope.');

  3. If your supports supports - , you can also use If the $ text = ~ / \ x00 /; system ('/.../bol', '-va', 'hope', '' ',' $ text, if die;

    );

Comments

Post a Comment

Popular posts from this blog

java - org.apache.http.ProtocolException: Target host is not specified -

-
I have written a simple httprequest / response code and I am getting this error below: I used to type in my classpath httpclient, httpcore, common -Codecs and general logging. I am very new to Java and I do not know what's going on here. Please help me. code: import org.apache.http.client.HttpClient; Import org.apache.http.client.methods.HttpGet; Import org.apache.http.HttpResponse; Import org.apache.http.impl.client.HttpClientBuilder; Import org.apache.http.Header; Import org.apache.http.HttpHeaders; Public class UnshorteningUrl {public static zero main (string [] args throws exception {HttpGet request = zero; HTTP Client Client = HTTP ClientBuilder.credit (). Build (); Try {Request = New HTTP Gate ("trib.me/1lBFzSi"); HttpResponse httpResponse = client.execute (request); Header [] header = httpResponse.getHeaders (HttpHeaders.LOCATION); // Preconditions.checkState (headers.length == 1); String new url = header [0] .getValue (); System.out.println ("new url...
Read more

How to access user directory in lazarus? -

-
After I am trying to open file changelog.txt and it does not matter if I open it Need to have the user open it though it is always located in the ~ / directory. Enter the file here. Here is my code: Process TForm1.FormCreate (From: TObject); Var myFile: textfile; Line: String; Start AssignFile (myFile, '~ / changelog.txt'); Reset (myFile); While EOF (MyFile) does not readLn (myFile, Line); Label3.Caption: = (Label3.Capttion + Line + # 13 # 10); End; CloseFile (myFile); End; This does not work, however, if I replace ~ with the actual user name, then it works, however, I use the username of each user Can not know which will run my program. Any idea how can I get the username that started the program? ! Thanks Edit1: I have tried this, but this also includes a new line: RunCommand ('/ bin / bash', ['- - C ',' Whoami '], users); This is normal. The concept of "~" is an shell level and thus requires a separate shell elev...
Read more

java - Gradle dependencies: compile project by relative path -

-
Is it possible to specify a dependency on another gradeal project in the granular (in android studios) outside the current project limits? For example, with a relative path like this: dependence {collection project ('../../ stdlib / dagger'}} MyApp (path / user / foo / workspace / mypad) The app (Path / User / Foo / Workspace / MyPass / App) And I have an Android Library Project with 3 subdomules: stdlib (path is / user / foo / Utilities (Path / User / Foo / Workspace / Stadlib / Utilis) http (Path / User / Foo / Workspace / Stadlib / HT) / Li> What I have to do is compile the Dagger, Util, http module in the MyApp project. The Stidelib Library module under heavy development And MyApp will grow in the form of Growth, so I do not want to push them into a Mewen repository. I am a little change. is likely to add another Gredle projects in some way? I will push the study library into the Maven repository after the source is in search of a temp...
Read more