ab11+londonpm at sanger.ac.uk
Mon Oct 1 16:40:51 BST 2007
On 01/10/2007, Rafael Garcia-Suarez <rgarciasuarez at gmail.com> wrote:
> But, most importantly, have you remarked that your CGI script
> allows *arbitrary* source code execution through the chester_userid
> parameter, and opens a huge security hole ? You must avoid using
> external data in regexps unless you properly escaped the dangerous
> characters in it (like, with quotemeta()).
perlretut looks like it says you need to use re 'eval' for this to be
a problem, which is what I'd thought, too. Do I have this wrong?
More information about the london.pm