regexp and binary values


vertigo

Hello

I have a place in code:
if ($_ =~ /$myvariable/){....}

the problem is that $myvariable is supplied by the user and a malicious user
can give me binary code or code with special characters.
How can I treat all characters in $myvariable as strings?
(when special variables are provided my program fails like this:
Unmatched ) in regex; marked by <-- HERE in m/ GET /?showimage=') <-- HERE
%20UNION%20SELECT%20'pixelpost_15rc1.nasl-1196815102.jpg'%20as%20id%2c%201625282529%20as%20headline%2c%20820629856%20as%20datetime%2c%201781748684%20as%20body%2c%201300225929%20as%20category%2c%201242744851%20as%20image/*
HTTP/1.1/ at /root/skrypty/raportweb_h1.pl line 20, <FILEALL> line 1.
)

Thanx


Ben Morrow

Quoth vertigo said:
Hello

I have a place in code:
if ($_ =~ /$myvariable/){....}

the problem is that $myvariable is supplied by the user and a malicious user
can give me binary code or code with special characters.
How can I treat all characters in $myvariable as strings?

See \Q in perlop or quotemeta in perlfunc.

Ben
 

Peter Makholm

vertigo said:
Hello

I have a place in code:
if ($_ =~ /$myvariable/){....}

the problem is that $myvariable is supplied by the user and a malicious user
can give me binary code or code with special characters.
How can I treat all characters in $myvariable as strings?

You'll have to quote the variable with an \Q.

if (/\Q$myvariable/) {
...
}

Read 'perldoc perlre' for more information.

//Makholm
 

Charlton Wilbur

v> Hello I have a place in code: if ($_ =~ /$myvariable/){....}

v> the problem is that $myvariable is supplied by the user and a
v> malicious user can give me binary code or code with special
v> characters. How can I treat all characters in $myvariable as
v> strings?

If you're just looking to see if what's in $myvariable is a substring
of $_, why bother with a regular expression? perldoc -f index

Charlton
 

Jürgen Exner

vertigo said:
Hello

I have a place in code:
if ($_ =~ /$myvariable/){....}

the problem is that $myvariable is supplied by the user and a malicious
user can give me binary code or code with special characters.
How can I treat all characters in $myvariable as strings?

So you are using a chainsaw and are asking how to disable the motor such
that it doesn't cut as fast. Yes, you can do that by pulling the spark plug,
also known as quotemeta or \Q...\E.
However, the better solution seems to be to use a more fitting tool like a hand
saw in the first place, see 'perldoc -f index'.

jue
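
The approaches suggested in the replies above, side by side, as an added example that is not part of any post in this thread. The log line, the three search terms and the helper names match_raw, match_quoted and match_index are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: one log line and three user-supplied search terms.
my $line  = q{GET /?showimage=')%20UNION%20SELECT%201 HTTP/1.1};
my @terms = (q{showimage=')}, q{show.mage}, q{HTTP/1.1});

# Interpolated as a pattern: metacharacters stay live, so a term can fail to
# compile (a fatal runtime error, caught here by eval) or match text that it
# does not literally contain.
sub match_raw {
    my ($text, $term) = @_;
    my $hit = eval { $text =~ /$term/ ? 1 : 0 };
    return defined $hit ? $hit : "error";
}

# \Q (quotemeta) backslash-escapes every non-word character before the
# pattern is compiled, so the term is matched as a literal string.
sub match_quoted {
    my ($text, $term) = @_;
    return $text =~ /\Q$term\E/ ? 1 : 0;
}

# index() is a plain substring search; the regex engine is never involved.
sub match_index {
    my ($text, $term) = @_;
    return index($text, $term) >= 0 ? 1 : 0;
}

for my $term (@terms) {
    printf "%-14s raw=%-5s quoted=%s index=%s quotemeta=%s\n",
        $term, match_raw($line, $term), match_quoted($line, $term),
        match_index($line, $term), quotemeta $term;
}
```

The second term is the quiet failure: unquoted, the dot in show.mage matches the "i" in "showimage", while the quoted and index() versions correctly report that the literal string is absent.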
 
