If you are using perl you can always regex to remove unwanted
characters to accept only letters:
$query =~ tr/A-Za-z //cd;
or to be a bit less strict (letters, numbers, wildercards, etc....
as in the CGI example in the swish-e web page:
$query =~ s/[^a-zA-Z0-9\-\_\*\.\@\(\)\=\"αινσϊΑΙΝΣΪρΡόά ]/ /g;
----- Original Message -----
From: "Chris Humphries" <ChrisJMH@vermilion99.freeserve.co.uk>
To: "Multiple recipients of list" <email@example.com>
Sent: Tuesday, September 12, 2000 6:30 AM
Subject: [SWISH-E] re: Unsafe SWISH calls from Perl
> Is the "unsafe" call to SWISH from Perl,
> open(SWISH, "$swish -w $query -m $results $search_tags -f $index|");
> unsafe on ANY platform?
> Are there any obvious ways of checking the values passed to remove
> Are there legitimate strings that one could search for that would be
interpreted as system commands?
> Are PCs susceptible to something like the shell-escape problem that UNIX
> Chris Humphries
Received on Tue Sep 12 17:29:55 2000