Is Standalone Trackback safe? I obviously think so, but that and a buck-fifty might buy you a cup of coffee. Here are some reasons to consider giving it a chance.
- The development version runs with the Perl taint checks turned on, and the modification to untaint the variable is completely superfluous (this variable is used to generate a filename).

    $tb_id =~ tr/a-zA-Z0-9/_/cs;   # replace every non-alphanumeric character with '_', squeezing runs
    # untaint the id
    if ( $tb_id =~ /(\w+)/ ) {
        return $1;
    } else {
        return '';
    }

- User input is sanitized to remove harmful HTML code before it is stored.
- If I can get your eyeballs to scrutinize the code, then we can make it that much safer.
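The snippet in the first point above is the whole defence between a trackback id taken from the network and the filename it ends up in, so it is worth seeing what the two steps actually do to awkward input. The following is an added example, not code from Standalone Trackback: the function name `sanitize_tb_id` and the sample inputs are my own constructions, the body is the page's two lines of logic wrapped in a subroutine so it can be exercised.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from Standalone Trackback itself) that wraps the
# page's two-step untainting of $tb_id in a function so it can be exercised
# against constructed inputs.
sub sanitize_tb_id {
    my ($tb_id) = @_;

    # tr/// with /c complements the search list, so every character that is NOT
    # in a-zA-Z0-9 is transliterated to '_'; /s squeezes runs of '_' into one.
    # This is what makes the value safe to embed in a filename: no '/', '.',
    # NUL or whitespace can survive it.
    $tb_id =~ tr/a-zA-Z0-9/_/cs;

    # Under taint mode (perl -T) the idiomatic way to launder a tainted value
    # before open()/unlink() is a regex capture. After tr/// the string consists
    # solely of \w characters, so the capture returns the whole string (or ''
    # when the id was empty); it changes nothing, it only clears the taint flag.
    if ( $tb_id =~ /(\w+)/ ) {
        return $1;
    }
    return '';
}

# Constructed inputs paired with the result the sanitizer produces for each.
my @cases = (
    [ 'entry42'               => 'entry42' ],
    [ 'entry 42 (draft).html' => 'entry_42_draft_html' ],
    [ '../../etc/passwd'      => '_etc_passwd' ],   # traversal collapses to one flat name
    [ "id\x00.txt"            => 'id_txt' ],        # an embedded NUL never reaches the filesystem
    [ '???'                   => '_' ],             # all-punctuation ids collide on '_'
    [ ''                      => '' ],
);

my $failures = 0;
for my $case (@cases) {
    my ( $input, $expected ) = @$case;
    my $got = sanitize_tb_id($input);

    # Escape non-printable bytes so the NUL case is readable in the output.
    ( my $shown = $input ) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;

    printf "%-26s -> %-22s %s\n", "'$shown'", "'$got'",
        $got eq $expected ? 'ok' : "MISMATCH (expected '$expected')";
    $failures++ unless $got eq $expected;
}
exit( $failures ? 1 : 0 );
```

Run it as `perl -T sanitize.pl` to have the taint checks active; the literal inputs above are not tainted, but if you substitute `$ARGV[0]` for one of them the returned value is the only form of that argument Perl will let you hand to `open()`. The `'???'` row is the one caveat the page's logic carries: every id made purely of punctuation maps to the same `_` filename, which is a collision rather than a traversal, but worth knowing when the file is later overwritten or deleted.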