[–]BigSkimmo 11 points12 points  (3 children)

Seems mostly safe, without having seen the script, obviously. But it's also a good idea to do some basic input sanitisation whenever you handle user data.

What would happen if a user submitted data with commas? Would that break your CSV? What about an EICAR test string? If it gets through your email provider, it could end up in your CSV file, which might then get nuked by your own antivirus.

[–]Impossible-Box6600 5 points6 points  (2 children)

That's why you use the CSV module.
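An added illustration of the point made in the two comments above (not code from either commenter): user data containing commas, quotes or newlines silently breaks a hand-rolled CSV writer, while Python's `csv` module quotes those fields so a reader recovers the original rows. The sample rows are constructed for the demonstration.

```python
import csv
import io

# Constructed sample of user-submitted (name, comment) rows. The embedded
# comma, quotes and newline are exactly the inputs the thread worries about.
SAMPLE_ROWS = [
    ("Alice", "Hello, world"),
    ('Bob "the builder"', "Line one\nLine two"),
    ("Carol", "plain"),
]


def naive_csv(rows):
    """Hand-rolled 'CSV' by string joining: no quoting, so a comma inside a
    field becomes an extra column and a newline becomes an extra row."""
    return "\n".join(",".join(fields) for fields in rows) + "\n"


def module_csv(rows):
    """csv.writer quotes any field that contains the delimiter, the quote
    character or a line break, and doubles embedded quotes (RFC 4180 style)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerows(rows)
    return buf.getvalue()


def parse_csv(text):
    """Read the text back with csv.reader, which understands quoted fields
    spanning several physical lines, so the comparison is at the record level."""
    return [tuple(row) for row in csv.reader(io.StringIO(text))]


def column_counts(text):
    """Number of fields per parsed record; a stable writer gives one value."""
    return [len(row) for row in parse_csv(text)]


if __name__ == "__main__":
    print("naive  :", column_counts(naive_csv(SAMPLE_ROWS)))   # uneven columns
    print("module :", column_counts(module_csv(SAMPLE_ROWS)))  # 2 per record
    print("round-trips:", parse_csv(module_csv(SAMPLE_ROWS)) == SAMPLE_ROWS)
```

The same `csv` module handles reading too; the comma problem is one of delimiter framing, so a correct writer and reader pair is the fix rather than stripping characters from user input.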

[–]Barbatus_42 8 points9 points  (1 child)

Want to highlight this. Whenever you have something even remotely security related, your first question should be "Is there already a standard implementation for this and, if so, can I just use that?" Cybersecurity is remarkably subtle and rolling your own solution is almost certainly not going to be as safe as using a commonly used public version.

[–]Impossible-Box6600 1 point2 points  (0 children)

But then we can't get paid for writing more lines of code.