[Mimedefang] string compare / matching

David F. Skoll dfs at roaringpenguin.com
Fri Nov 30 16:04:18 EST 2007


Jan-Pieter Cornet wrote:

> You should not put unchecked user input into regular expressions,
> period. It will most of the time not do what you expect, and at worst
> will open you up to denial-of-service attacks and even security leaks
> (see http://use.perl.org/article.pl?sid=07/11/29/1432238 ).

> It is considered safe in general to match /\Q$random_string\E/, or
> via $regex = quotemeta($random_string); /$regex/;

If you just want to do substring matching, use "index" which is the
safest of all.

Regards,

David.


More information about the MIMEDefang mailing list