httpd-cvs mailing list archives

From n..@apache.org
Subject svn commit: r650428 - /httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml
Date Tue, 22 Apr 2008 09:38:23 GMT
Author: niq
Date: Tue Apr 22 02:38:17 2008
New Revision: 650428

URL: http://svn.apache.org/viewvc?rev=650428&view=rev
Log:
Clarify explanation of untainting.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml?rev=650428&r1=650427&r2=650428&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_dbd.xml Tue Apr 22 02:38:17 2008
@@ -127,8 +127,13 @@
     untrusted input is merged into the SQL statement.</p>
     <p>It can be made safe by <em>untainting</em> all inputs:
     a process inspired by Perl's taint checking.  Each input
-    is matched against a regexp, and only the match is used.
-    To use this, the untainting regexps must be included in the
+    is matched against a regexp, and only the match is used,
+    according to the Perl idiom:</p>
+    <example>
+        <pre><code>  $untrusted =~ /([a-z])+/;
+  $trusted = $1;</code></pre>
+    </example>
+    <p>To use this, the untainting regexps must be included in the
     prepared statements configured.  The regexp follows immediately
     after the % in the prepared statement, and is enclosed in
     curly brackets {}.  For example, if your application expects
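Review bot: In the added Perl example the quantifier sits outside the capture group in `/([a-z])+/`, so `$1` holds only the last character matched, not the whole match, which contradicts the sentence "only the match is used". Suggest `$untrusted =~ /([a-z]+)/;` instead. The example also assigns `$trusted = $1;` without testing whether the match succeeded; a guarded form such as `if ($untrusted =~ /([a-z]+)/) { $trusted = $1; }` is safer for readers to copy, because after a failed match `$1` is not reset and can carry a value from an earlier match. Since the pattern is unanchored, it would also help to say in the surrounding text that the match extracts a substring of the input rather than rejecting input that contains other characters.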


