| On Thu, 23 Feb 1995, der Mouse wrote: | > cleanstrcpy(), referred to several times above, is like strcpy, but it | > strips newlines and copies only a restricted set of characters: | > letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen, | > there's no indication. The reason for that set of characters are that it is the characters that "divide" input into tokens in /bin/sh. CERT once recommended me to use the following set of filtered characters '"', '*', '&', '|', '$', ';', '`', '\', '=', '?', '<', '>', '!', '(', ')', '\n', '{', '}', '[', ']', '^', '`' that is "\"*&|$;'\\=?<>!()\n{}[]^`" If we diff the two sets, we get common: !$*&|'^`{} sendmail: #%+-./_~ cert: ";\=?<>()\n[] There are a few ones missing above, that maybe should be included, like '[' and ']'. There is also a number of additional characters '#', '%', '+', '-', '.', '/', '_' and '~', which I take as erring on the safe side, like avoiding the possibility of specifying paths and arguments to programs. | Actually, I like the approach of "explicitly listing what we know is | good", rather than "exclude characters that we know of that are bad" - | it's a lot safer to verify and has less suprises down the track. Do you mean that one could miss a few of them? Unthinkable! :-) /Christian Wettergren