buzza

How to untaint a Perl variable?

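my $username = <STDIN>;
# Under taint mode, matching against a regex and copying the captured $1 untaints the value.
if ($username =~ /^(.*)$/) {
    $username = $1; # now $username is no longer tainted (and the trailing newline is gone)
}
# and you can use it anywhere =)
# The @ has to be escaped, otherwise Perl tries to interpolate the array @somehost.
system('ssh', "$username\@somehost.com");
# /^(.*)$/ accepts any input, so I recommend making the pattern at least /^([[:alnum:]]+)$/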
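
An added example, not part of the original post: the same untainting idiom run under `-T`, with an allow-list pattern in place of `/^(.*)$/`. The `untaint_username` helper and the 32-character limit are assumptions; the `PATH` cleanup is there because taint mode refuses `system` while the inherited environment is still in use.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode will not run external commands with an inherited PATH.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: returns an untainted copy of $raw when it looks like
# a login name, otherwise undef.
# Allow-list (assumption): 1 to 32 ASCII letters or digits and nothing else.
sub untaint_username {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string; /a keeps [[:alnum:]] ASCII-only.
    return $raw =~ /\A([[:alnum:]]{1,32})\z/a ? $1 : undef;
}

my $line = <STDIN>;
defined $line or die "no input\n";
chomp $line;
print "input tainted:  ", (tainted($line) ? "yes" : "no"), "\n";

# Use // rather than "or" so that a valid name such as "0" is not rejected.
my $username = untaint_username($line) // die "rejected username\n";
print "result tainted: ", (tainted($username) ? "yes" : "no"), "\n";

# List form of system: the arguments go to ssh directly, no shell parses them.
system('ssh', "$username\@somehost.com") == 0
    or die "ssh failed: $?\n";
```

Run it as `perl -T script.pl`; the `/a` modifier needs Perl 5.14 or later. Input such as `-oProxyCommand=x` or `bob;id` fails the pattern and never reaches `ssh`.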