Vulnerability Development mailing list archives

Re: shell script cgi

From: mlh <mlh () zip com au>
Date: Mon, 18 Nov 2002 21:02:07 +1100

c jones writes in part
>
> ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
>


One thing that is odd about this scrap of code is
why one would bother removing the ';' yet leave
all sorts of other character sequences that are equally
meaningful to the shell, for instance &, &&, |, || etc.
Also ^ for older shells.


Matt

Current thread:

Re: shell script cgi, (continued)
- - Re: shell script cgi c jones (Nov 15)
- Re: shell script cgi Philip Rowlands (Nov 16)
  - Re: shell script cgi Nick Jacobsen (Nov 16)
    - Re: shell script cgi Ed Schmollinger (Nov 17)
  - Re: shell script cgi (summary?) c jones (Nov 18)
    - Re: shell script cgi (summary?) Brian Fury (Nov 19)
    - Re: shell script cgi (summary?) Andre Breiler (Nov 20)
    - Re: shell script cgi (summary?) Philip Rowlands (Nov 20)
    - Re: shell script cgi (summary?) Brian Hatch (Nov 19)
- Re: shell script cgi Rajko Zschiegner (Nov 16)
- Re: shell script cgi mlh (Nov 18)
- RE: shell script cgi Rajko Zschiegner (Nov 16)
  - Re: shell script cgi Brian Hatch (Nov 16)
    - Re: shell script cgi Ralf Dreibrodt (Nov 17)
  - Re: shell script cgi mlh (Nov 18)