Stefan Hornburg wrote:
Shouldn't some effort be made to 'sanitize' the URL content? With these examples, could not a hacker embed ITL statements, or for that matter even Perl, into one of those positional parameters that would then be evaluated into the Scratch variables?

Well, one of perl's mottos is that there's more than one way to do it... here's one elementary way:

    $last_url = '[data session last_url]';
    @parts = split("/", $last_url);
    # position 0 should be nothing
    # position 1 should be "category"
    # position 2 should be "posters"
    # position 3 should be "p1.html"
    $pstn2 = $parts[2];
    $pstn3 = $parts[3];

And here a shorter way to do it (also untested):

    ($pstn2, $pstn3) = (split("/", $Session->{last_url})[2,3];

Ciao
Racke

I set this up:

    [perl]
    ($pstn2, $pstn3) = (split("/", $Session->{last_url})[2,3];
    [/perl]
    [scratch pstn2], [scratch pstn3]

but it returns nothing. What am I screwing up?

First, one paren is missing. Second, no program in the world can read your thoughts. Why should the Perl variables automagically appear in the scratch namespace? Try:

    [perl]
    ($Scratch->{pstn2}, $Scratch->{pstn3}) = (split("/", $Session->{last_url}))[2,3];
    [/perl]
Barry

--
Barry Treahy, Jr * Midwest Microwave * Vice President & CIO
E-mail: suppressed * Phone: 480/314-1320 * FAX: 480/661-7028

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
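One way to do the sanitizing asked about in this message, as an added example that is not part of the original thread or of Interchange itself: each path segment is checked against an allow-list before it is copied into Scratch. The plain hash refs standing in for $Session and $Scratch, the safe_segments helper, the pattern and the sample URLs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the $Scratch object that Interchange supplies inside a
# [perl] block (constructed here so the script runs on its own).
my $Scratch = {};

# Allow-list: letters, digits, underscore, hyphen and dot, 1 to 64 characters,
# and the first character may not be a dot. Brackets, quotes, whitespace and
# anything else ITL or Perl syntax would need are rejected, not escaped.
my $SEGMENT_OK = qr/\A[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}\z/;

# Return the path segments at the requested positions, or an empty list if
# any of them is missing or fails the allow-list.
sub safe_segments {
    my ($url, @positions) = @_;
    return unless defined $url;
    my @parts = split m{/}, $url;
    my @out;
    for my $i (@positions) {
        my $seg = $parts[$i];
        return unless defined $seg && $seg =~ $SEGMENT_OK;
        push @out, $seg;
    }
    return @out;
}

# Constructed sample values for last_url: one well-formed, one carrying a
# bracketed tag in a positional parameter, one with a missing segment.
for my $last_url ('/category/posters/p1.html',
                  '/category/[some-tag]/p1.html',
                  '/category/posters') {
    my $Session = { last_url => $last_url };   # stand-in for the real session
    if (my ($p2, $p3) = safe_segments($Session->{last_url}, 2, 3)) {
        @{$Scratch}{qw(pstn2 pstn3)} = ($p2, $p3);
        print "accepted: pstn2=$p2 pstn3=$p3\n";
    } else {
        # Never leave a stale or partial value behind for the page to display.
        delete @{$Scratch}{qw(pstn2 pstn3)};
        print "rejected: $last_url\n";
    }
}
```

Only the first sample URL is accepted; the other two leave pstn2 and pstn3 unset, so a page that displays them shows nothing rather than attacker-supplied text.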