Hide output from perl script system command
brad (brad at bradandkim.net)
Wed Nov 12 16:46:18 CST 2003

OK, good to know.  The perl script already does what I would consider
parsing the input, but I don't know enough about perl or regexes to know
for sure what it is doing.  It has been in place for a while without
problem.  This also runs on a pass protected site, so between the two I
think it will be fine <crosses fingers>.

Thanks for the help,
Brad

Brian wrote:
> Ummm, yeah! A cleverly crafted string could be created that would issue
> commands that you haven't designed to run, with whatever privileges
> as the process that accepts the input string. You will want to feed
> the input from the web form through a filter removing characters
> that could be interpreted by the shell, or alternately filter on only
> the allowed characters.
> 
> 
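
Added example, not part of the original message and not the script discussed in this thread: one way to apply the allowlist filtering Brian describes in Perl, then run the command without a shell and with its output discarded. The names `validate_arg` and `run_quiet`, the allowed character set, and `/bin/ls` as the command are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example; not the script from this thread. Names are hypothetical.
use strict;
use warnings;
use POSIX ();

# Allowlist filter: letters, digits, '.', '_' and '-', 1 to 64 characters,
# not starting with '-' so the value cannot be read as an option.
# \A and \z anchor the whole string, so a trailing newline is rejected too.
sub validate_arg {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_.][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Run @cmd directly (no shell), with stdin/stdout/stderr on /dev/null.
# Returns the exit status, 128+signal if killed, 127 if it could not start.
sub run_quiet {
    my (@cmd) = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        open(STDIN,  '<', '/dev/null') or POSIX::_exit(127);
        open(STDOUT, '>', '/dev/null') or POSIX::_exit(127);
        open(STDERR, '>', '/dev/null') or POSIX::_exit(127);
        # Indirect-object exec never passes the arguments through a shell.
        exec { $cmd[0] } @cmd or POSIX::_exit(127);
    }
    waitpid($pid, 0);
    return ($? & 127) ? 128 + ($? & 127) : $? >> 8;
}

# Constructed inputs standing in for a submitted form field.
my @samples = ('report-2003.txt', 'notes.txt; echo injected',
               '$(echo injected)', '-l', "report.txt\n");
for my $input (@samples) {
    my $arg = validate_arg($input);
    if (!defined $arg) {
        print "rejected input\n";
        next;
    }
    # /bin/ls is a stand-in for the real command; '--' ends option parsing.
    my $status = run_quiet('/bin/ls', '--', $arg);
    print "accepted '$arg', exit status $status\n";
}
```

Only the first sample passes the filter; the other four are rejected before any command runs. Under taint mode (`perl -T`) the capture group in `validate_arg` is what untaints the value, and `$ENV{PATH}` must also be set to a known-safe value before `exec` is allowed.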
    
    
More information about the Kclug mailing list