[Tutor] Untainting CGI parameters

Jan Eden lists at janeden.org
Wed Aug 10 17:56:25 CEST 2005


I would like to untaint all parameters with which my CGI script is called. Example:

if parameters.has_key('type'):
    match = re.search('\w+', parameters['type'].value)
    type = match.group()
else: type = 'page'

In Perl, I used the ternary operator to write it like this:

my $type = ($parameters{type} && ($parameters{type} =~ /^(\w+)$/)) ? $1 : 'page';

While this is not the most beautiful code to look at, I have a weakness for compact programs - so can I shorten the Python equivalent somehow?


A good programmer is someone who looks both ways before crossing a one-way street. - Doug Linder

More information about the Tutor mailing list