Re: Sendpage (Perl CGI) Remote Execution Vulnerability

[John Imrie <john.imrie () pa press net>]

[snip]

> To fix, simply filter out all "dangerous" characters:
> ,';"/`\%$#{}-&<>... I prefer to keep things simple and remove all
> non-alphanumeric characters:
>
>       $message =~ s/[^\w\s]//g;

I find that filtering out dangerous characters can lead to problems, as it is 
allways possible to miss one. A safer version is to only allow 'good' 
characters

$message =~ s/[^A-Za-z0-9]//g;