summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-04-03 15:39:15 +0000
committerwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-04-03 15:39:15 +0000
commit13722d7b7656f84a95a43db1d6e2fc0b5828c8d9 (patch)
treec5663a56f3bedb1009a433a65faa2d4d1a9cab99 /doc
parent98eb183cf78113e82b32f895a58008ed1c79a8fd (diff)
web commit by WillThompson: Safety of arbitrary regexen
Diffstat (limited to 'doc')
-rw-r--r--doc/todo/mailnotification.mdwn18
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/todo/mailnotification.mdwn b/doc/todo/mailnotification.mdwn
index 5aae98894..858141008 100644
--- a/doc/todo/mailnotification.mdwn
+++ b/doc/todo/mailnotification.mdwn
@@ -13,6 +13,24 @@ Should support mail notification of new and changed pages.
Joey points out that this is actually a security hole, because Perl
regexes let you embed (arbitrary?) Perl expressions inside them. Yuck!
+(This is not actually true unless you "use re 'eval';", without which
+(?{ code }) is disabled for expressions which interpolate variables.
+See perldoc re, second paragraph of DESCRIPTION. It's a little iffy
+to allow arbitrary regexen, since it's fairly easy to craft a regular
+expression that takes unbounded time to run, but this can be avoided
+with the use of alarm to add a time limit. Something like
+
+ eval { # catches invalid regexen
+ no re 'eval'; # to be sure
+ local $SIG{ALRM} = sub { die };
+ alarm(1);
+ ... stuff involving m/$some_random_variable/ ...
+ alarm(0);
+ };
+ if ($@) { ... handle the error ... }
+
+should be safe. --[[WillThompson]])
+
It would also be good to be able to subscribe to all pages except discussion pages or the SandBox: `* !*/discussion !sandobx`, maybe --[[Joey]]
3. Of course if you do that, you want to have form processing on the user