[Mimedefang] string compare / matching
David F. Skoll
dfs at roaringpenguin.com
Fri Nov 30 16:04:18 EST 2007
Jan-Pieter Cornet wrote:
> You should not put unchecked user input into regular expressions,
> period. It will most of the time not do what you expect, and at worst
> will open you up to denial-of-service attacks and even security leaks
> (see http://use.perl.org/article.pl?sid=07/11/29/1432238 ).
> It is considered safe in general to match /\Q$random_string\E/, or
> via $regex = quotemeta($random_string); /$regex/;
If you just want to do substring matching, use "index" which is the
safest of all.
Regards,
David.
More information about the MIMEDefang
mailing list