Skip Menu |
 

This queue is for tickets about the Encode CPAN distribution.

Report information
The Basics
Id: 41211
Status: open
Priority: 0/
Queue: Encode

People
Owner: Nobody in particular
Requestors: MARKOV [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: unarm dangerous characters
Download (untitled) / with headers
text/plain 692b
I am trying to make Sys::Syslog safer. It has two problems: 1) logged strings are passed-on to the kernel in "perl internal format" 2) dangerous characters are not escaped. The first part is easy to solve: just use encode(). The second, however, calls for a module which translates \0x1b into <esc> or \b. Whatever syslog receives is written to logfiles. When root opens these logfiles, the escape codes will get executed. So we have to block escape-codes client-side. So: we need a very simple "encode"-like module to do the job, preferrably written in C. For me, it seems a good plan to have it included in your distribution. But you may have an other solution? Sincerely, MarkOv
Download (untitled) / with headers
text/plain 250b
The B.pm module offers two functions that might satisfy this need, cstring() and perlstring(). If you specify your desired escaping I'll take a crack at it. RFC 5137 recommends U+NNNN[N[N]] syntax, <http://tools.ietf.org/html/rfc5137>. -- chansen


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.