[Mimedefang] string compare / matching

Jan-Pieter Cornet johnpc at xs4all.nl
Fri Nov 30 15:57:04 EST 2007


On Fri, Nov 30, 2007 at 12:16:07PM -0500, Joseph Brennan wrote:
> Petra Humann <humann at tcs.inf.tu-dresden.de> wrote:
> 
> >    my $absender = $Sender;
> >    $absender =~ s/^<//;
> >    $absender =~ s/>$//;
> >    $absender = lc($absender);
> >
> >If I write:
> >	if ( ! grep /$absender/, $from_header) ...
> >it works, but some addresses doesn't, like "liste**recipient**@liste.com".
> 
> Beware of putting an email address into a regexp.  Perl will try to
> interpret characters like * as quantifiers and complain.  Consider:

You should not put unchecked user input into regular expressions,
period. It will most of the time not do what you expect, and at worst
will open you up to denial-of-service attacks and even security leaks
(see http://use.perl.org/article.pl?sid=07/11/29/1432238 ).

It is considered safe in general to match /\Q$random_string\E/, or
via $regex = quotemeta($random_string); /$regex/;

This is usually what you want anyway.

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!


More information about the MIMEDefang mailing list