Re: Sendpage (Perl CGI) Remote Execution Vulnerability

From: Seth Arnold (sarnold@wirex.com)
Date: 11/28/01


Date: Wed, 28 Nov 2001 12:59:30 -0800
From: Seth Arnold <sarnold@wirex.com>
To: bugtraq@securityfocus.com
Subject: Re: Sendpage (Perl CGI) Remote Execution Vulnerability
Message-ID: <20011128125930.D7800@wirex.com>


On Wed, Nov 28, 2001 at 09:24:30AM +0000, John Imrie wrote:
> > $message =~ s/[^\w\s]//g;
> $message =~ s/[^A-Za-z0-9]//g;

Note that these two are almost identical in the default locale, but the
first version also allows whitespace (maybe useful :) and more
international-friendly characters such as: αξεοιαπ ....

Cheers

-- 
"Soldiers quartered in a populous town will always occasion two mobs
where they prevent one. They are wretched conservators of the peace."
-- John Adams