Cool/useful short examples of Perl?
'lesleyb'
lesleyb at herlug.org.uk
Mon May 30 16:15:40 BST 2011
On Mon, May 30, 2011 at 03:36:54PM +0100, David Precious wrote:
> On Monday 30 May 2011 14:27:25 'lesleyb' wrote:
> > I am a little fearful people will substitute variables on the
> > RHS in a CGI script without untainting first and then complain
> > when the problems show up.
>
> Whilst I agree helping people learn about taint mode and how to untaint is
> valuable, I'm not sure it has a place in "look how simple this can be" / "how
> easy it is to do cool stuff" examples.
>
> Taint mode can be useful, but a user trying out simple examples is unlikely to
> have enabled taint mode unless they know about it.
>
>
> > [...] Even an example of how to untaint a
> > 'basic' RFC822 email address?
> [...]
> > if ($data =~ /^([-\@\w.]+)$/) {
> >     $data = $1; # $data now untainted
> > } else {
> >     die "Bad data in '$data'"; # log this somewhere
> > }
>
> I'd really not want to see people being encouraged to attempt to validate
> email addresses with a regex; that's a wheel that should not be re-invented;
> using e.g. Email::Valid to both untaint and check for validity properly would
> be a far better approach IMO.
>
> In fact, a "how to validate an email address properly" example would probably
> be worthwhile, for instance:
>
> use Email::Valid;
>
> if (! Email::Valid->address($email_address) ) {
>     print "Sorry, that email address is not valid!";
> }
>
Miles better :)
Kind Regards
Lesley
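
Added example (not part of the original message or of any poster's code): the untaint pattern quoted in the thread, run under taint mode with Scalar::Util's tainted() reporting the flag before and after the match. It shows only how a regex capture clears taint, not email validation; the sample inputs, the untaint_basic helper and the substr($^X, 0, 0) trick for tainting a literal are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example: run with taint mode enabled, e.g. `perl -T script.pl`.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# $^X is tainted under -T, so a zero-length slice of it is a tainted empty
# string. Appending it marks a constructed literal as tainted, standing in
# for data that arrived from a CGI parameter.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper wrapping the pattern quoted in the thread.
# Returns the captured (untainted) copy, or undef when the pattern rejects.
sub untaint_basic {
    my ($data) = @_;
    return $data =~ /^([-\@\w.]+)$/ ? $1 : undef;
}

# Constructed sample inputs.
for my $raw ('user@example.org', 'not an address!') {
    my $data = $raw . $TAINT;
    printf "%-20s tainted before: %s\n", "'$raw'",
        tainted($data) ? 'yes' : 'no';

    my $clean = untaint_basic($data);
    if (defined $clean) {
        # Only the capture group is untainted; $data itself is unchanged.
        printf "  accepted, capture tainted: %s, original tainted: %s\n",
            tainted($clean) ? 'yes' : 'no',
            tainted($data)  ? 'yes' : 'no';
    } else {
        print "  rejected by pattern; value stays tainted\n";
    }
}
```

The taint flag is cleared by the capture itself, whatever the pattern accepts, so the pattern is the whole of the check.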