#4
08-29-07, 07:39 AM
Boraan (offline)
Coding Addict
 
Join Date: Jul 2007
Location: Clayton, NC
Posts: 292
Thanks: 0
Thanked 1 Time in 1 Post
Untainting is always a great idea... here we go... add this to the CGI file to not just untaint, but also format the fields.

Code:
# Untaint/format email strings. The patterns are anchored (^...\z) so the
# whole value must be an address, and the captured match ($1) is assigned
# back to the field: under perl -T only that assignment clears the taint
# flag; a bare !~ test leaves the value tainted.
if ($FORM{'femail'} =~ /^([\w\-.]+\@[\w\-]+(?:\.[\w\-]+)+)\z/) {
	$FORM{'femail'} = $1;
} else {
	&dienice("You did not enter a valid email address.");
}

if ($FORM{'semail'} =~ /^([\w\-.]+\@[\w\-]+(?:\.[\w\-]+)+)\z/) {
	$FORM{'semail'} = $1;
} else {
	&dienice("You did not enter a valid email address.");
}

# Untaint text strings: letters and digits only, over the whole value.
# (The original class [a-z0-9][A-Z0-9] only required some lower/upper or
# digit pair somewhere in the string, so almost anything containing e.g.
# "aB" would have passed.)
if ($FORM{'fname'} =~ /^([A-Za-z0-9]+)\z/) {
	$FORM{'fname'} = $1;
} else {
	&dienice("Quit trying to hack my system... PHREAK!");
}

if ($FORM{'sname'} =~ /^([A-Za-z0-9]+)\z/) {
	$FORM{'sname'} = $1;
} else {
	&dienice("Quit trying to hack my system... PHREAK!");
}
You can also add maxlength="numerical value" to limit how many characters can be entered into the text fields on the HTML page.
__________________
Dexter Nelson
Techdex Development & Solutions
========================
Internet Marketing For Programmers | Free Market Research in 15 Minutes or Less
My Software: Hotscripts Softpedia software.techdex.net
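A stand-alone version of the same check, added here as an example and not code from the post above. It assumes the post's four field names (femail, semail, fname, sname) and fills %FORM with constructed values, deliberately tainted by appending an empty substring of an environment variable so the script behaves as it would with real CGI input under perl -T. The name pattern additionally allows spaces, apostrophes and hyphens, which is an assumption of this example, not the post's rule. It shows that a bare !~ test leaves a value tainted, that assigning from an anchored capture is what clears the flag, and that an unanchored pattern like /[a-z0-9][A-Z0-9]/ accepts input an anchored one rejects.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample form. %ENV values are tainted under -T, so appending a
# zero-length substring of one taints every field without changing its text.
my $taint = substr(join('', values %ENV), 0, 0);
my %FORM = (
    femail => 'alice@example.com' . $taint,
    semail => 'not an address'    . $taint,
    fname  => 'Alice'             . $taint,
    sname  => 'aB; not a name'    . $taint,   # contains "aB", so the post's
                                               # unanchored class would pass it
);

# Anchored with ^ and \z (not $, which would allow a trailing newline) and
# wrapped in one capture group so the caller can assign from $1.
my $EMAIL_RE = qr/^([\w\-.]+\@[\w\-]+(?:\.[\w\-]+)+)\z/;
my $NAME_RE  = qr/^([A-Za-z0-9 '\-]{1,64})\z/;   # assumption: space ' - allowed

# Validate and return the captured text. Only the value copied out of the
# capture is untainted; a plain "=~" or "!~" test never clears the flag.
sub untaint_field {
    my ($value, $re) = @_;
    return unless defined $value && $value =~ $re;
    return $1;
}

# Run every field through its rule; return clean values and error messages.
sub check_form {
    my ($form) = @_;
    my (%clean, @errors);
    my %rules = (
        femail => [ $EMAIL_RE, 'not a valid email address' ],
        semail => [ $EMAIL_RE, 'not a valid email address' ],
        fname  => [ $NAME_RE,  'only letters, digits, space, apostrophe and hyphen allowed' ],
        sname  => [ $NAME_RE,  'only letters, digits, space, apostrophe and hyphen allowed' ],
    );
    for my $field (sort keys %rules) {
        my ($re, $msg) = @{ $rules{$field} };
        my $v = untaint_field($form->{$field}, $re);
        if (defined $v) { $clean{$field} = $v }
        else            { push @errors, "$field: $msg" }
    }
    return (\%clean, \@errors);
}

my ($clean, $errors) = check_form(\%FORM);

for my $field (sort keys %FORM) {
    # The post's original unanchored name check, shown only for comparison.
    my $loose = ($FORM{$field} =~ /[a-z0-9][A-Z0-9]/) ? 'pass' : 'fail';
    printf "%-7s tainted before=%d  loose-check=%s\n",
        $field, tainted($FORM{$field}) ? 1 : 0, $loose;
}
for my $field (sort keys %$clean) {
    printf "%-7s tainted after=%d  value=%s\n",
        $field, tainted($clean->{$field}) ? 1 : 0, $clean->{$field};
}
print "rejected: $_\n" for @$errors;
```

The "tainted before" column is 1 for every field and "tainted after" is 0 for the fields that survived, which is the behaviour a CGI script needs before it passes a form value to open(), system() or a shell. The loose-check column shows sname passing the post's original pattern while the anchored rule rejects it.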