Telnet URL handler, part 3

Philip continues to play devil’s advocate / script kiddie for my telnet URL handler. My input checker allowed host/port definitions to begin with a hyphen character. That’s an invalid domain name, so I ignored the possibility that someone might try it. Philip used it to pass a switch to the telnet/ssh command.

Here is attempt number 3, now with more complicated regular expressions:

# parse URL
($protocol,$host) = split /:\/\//, $ARGV[0];
($host,$port) = split /:/, $host;

# validate input
if ( $protocol !~ /^(telnet|ssh)$/ ||
   $host !~ /^[a-zA-Z0-9][a-zA-Z0-9.-]*$/ ||
   $port !~ /(^[a-zA-Z0-9][a-zA-Z0-9_-]*$|^$)/ ) {
        warn "Invalid URL";
        exit 1;

# if SSH, add -p argument
if ( $protocol eq "ssh" && $port != '' ) { $port = "-p $port" ; }

# call terminal emulator
exec("konsole --hold -e $protocol $host $port");

Your move, sir.

You can download an updated url-terminal script here. You can read the post that started this here.

Tags: , ,

  1. Stocky’s avatar

    Its not entirely clear to me what your use case here is, but when you’re execing with elevated privileges you normally want to specify your binaries by a full path, otherwise I can put a ‘konsole’ script in my path ahead of the real binary. Same with ssh and telnet.

    Looks good!


    1. tyler’s avatar

      My intention is to protect against mal-formed URLs. If the user has a local script named konsole, ssh, or telnet, that’s his own problem. :)


    2. Stocky’s avatar

      Ah, fair enough. I should check older posts before I speak. :)


    3. Philip’s avatar

      I’m officially declaring the script bug-free, and waiting to be proved wrong ;)


      1. tyler’s avatar

        That endorsement is totally going in the source code. It’s all your fault now!


      2. tyler’s avatar

        And seriously, thanks for the help. I learned some things.


      3. Muhammad Ausaf Ali Yousaf’s avatar

        Dear Experts,

        This script does not even opens a gnome terminal window for me. Please help me resolve this issue.

        Waiting eagerly for your kind reply.




Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.