Kaye and Geoff's web page documentation 

Resub: Perl package to translate escaped characters

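Packages are included in a Perl program with the 'require' operator. This one is designed to substitute the escaped characters sent from a web browser back to the characters they stand for. It is also a convenient place to include the suppression (for security reasons) of the backquote character. The suppression covers only the backquote: the decoded string can still contain other shell metacharacters, so it should not be interpolated into a command line.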

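package Re_sub;

use strict;
use warnings;

#
# Re_sub: re-substitution of the escaped characters a web browser sends
# in form data.  Loaded with 'require'; it defines resub() in package
# main so that callers can use it without a package prefix.
#

#
# Escapes that resub() translates, keyed by the upper-case hex pair that
# follows the '%'.  Any %XX sequence that is not listed here is left in
# the string exactly as it arrived (so, for example, %00 is never turned
# into a NUL byte).
#
my %char_for = (
    '20' => ' ',  '21' => '!',  '22' => '"',  '23' => '#',
    '24' => '$',  '25' => '%',  '26' => '&',  '27' => "'",
    '28' => '(',  '29' => ')',  '2B' => '+',  '2C' => ',',
    '2D' => '-',  '2F' => '/',  '3A' => ':',  '3B' => ';',
    '3C' => '<',  '3D' => '=',  '3E' => '>',  '3F' => '?',
    '40' => '@',  '5B' => '[',  '5C' => '\\', '5D' => ']',
    '5E' => '^',  '60' => '`',  '7B' => '{',  '7C' => '|',
    '7D' => '}',  '7E' => '~',
);

#
# subroutine to do escaped character re-substitution
# the input string is passed as the only parameter
# the returned value is the input string with escaped values substituted
# (an undefined input is returned unchanged)
#
sub main::resub {
    # 'my' keeps the working copy private to this call; the earlier
    # 'local' temporarily overwrote the package global $Re_sub::s.
    my ($s) = @_;
    return $s unless defined $s;

    # '+' stands for a space; this runs before %2B is decoded so that a
    # genuine plus sign survives.
    $s =~ s/\+/ /g;

    if (index($s, '%') >= 0) {
        # An escaped CR LF pair collapses to a single newline.
        $s =~ s/%0D%0A/\n/gi;

        # Decode every listed escape in one left-to-right pass.  The hex
        # digits are matched in either case (%3c as well as %3C).  Text
        # produced by a replacement is not scanned again, so %25 cannot
        # combine with what follows it to form a second escape.
        $s =~ s{%([0-9A-Fa-f]{2})}
               {exists $char_for{uc $1} ? $char_for{uc $1} : '%' . $1}ge;
    }

    #
    # security: replace every backquote (literal, or decoded from %60)
    # with a single quote so that the value cannot carry backquote
    # command substitution.
    #
    # NOTE(review): this is the only character that is neutralised.  The
    # value returned can still contain $ ( ) ; | & < > and newlines, so it
    # is not safe to interpolate into a shell command, a two-argument
    # open() or a string eval.  Callers that run external programs should
    # use the list form of system()/exec() and validate the value against
    # an anchored pattern of allowed characters.
    #
    $s =~ tr/`/'/;

    return $s;
}

#
# ensure that package returns true
#
1;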