A
A. Farber
Hello Perl users,
I have a habit of untainting input data this way in my
CGI scripts (example: http://pastebin.com/m46057a70):
$user = $1 if $query->param('user') =~ /(\w{3,12})/;
$pass = $1 if $query->param('pass') =~ /(\w{8})/;
......
unless ($user and $pass and ...) {
print $query->start_form(), ...
} else {
# do the real work with untainted data
}
and wonder, how to get rid of the warnings
"Use of uninitialized value in pattern match (m//)"
without (ab)using the no warnings qw(uninitialized)?
Thank you
Alex
I have a habit of untainting input data this way in my
CGI scripts (example: http://pastebin.com/m46057a70):
$user = $1 if $query->param('user') =~ /(\w{3,12})/;
$pass = $1 if $query->param('pass') =~ /(\w{8})/;
......
unless ($user and $pass and ...) {
print $query->start_form(), ...
} else {
# do the real work with untainted data
}
and wonder, how to get rid of the warnings
"Use of uninitialized value in pattern match (m//)"
without (ab)using the no warnings qw(uninitialized)?
Thank you
Alex