Telnet URL handler, part 3

Philip continues to play devil’s advocate / script kiddie for my telnet URL handler. My input checker allowed host/port definitions to begin with a hyphen character. That’s an invalid domain name, so I ignored the possibility that someone might try it. Philip used it to pass a switch to the telnet/ssh command.

Here is attempt number 3, now with more complicated regular expressions:

# parse URL
($protocol,$host) = split /:\/\//, $ARGV[0];
($host,$port) = split /:/, $host;

# validate input
if ( $protocol !~ /^(telnet|ssh)$/ ||
   $host !~ /^[a-zA-Z0-9][a-zA-Z0-9.-]*$/ ||
   $port !~ /(^[a-zA-Z0-9][a-zA-Z0-9_-]*$|^$)/ ) {
        warn "Invalid URL";
        exit 1;

# if SSH, add -p argument
if ( $protocol eq "ssh" && $port != '' ) { $port = "-p $port" ; }

# call terminal emulator
exec("konsole --hold -e $protocol $host $port");

Your move, sir.

You can download an updated url-terminal script here. You can read the post that started this here.

Tags: , ,

  1. Stocky’s avatar

    Its not entirely clear to me what your use case here is, but when you’re execing with elevated privileges you normally want to specify your binaries by a full path, otherwise I can put a ‘konsole’ script in my path ahead of the real binary. Same with ssh and telnet.

    Looks good!


    1. tyler’s avatar

      My intention is to protect against mal-formed URLs. If the user has a local script named konsole, ssh, or telnet, that’s his own problem. :)


    2. Stocky’s avatar

      Ah, fair enough. I should check older posts before I speak. :)


    3. Philip’s avatar

      I’m officially declaring the script bug-free, and waiting to be proved wrong ;)


      1. tyler’s avatar

        That endorsement is totally going in the source code. It’s all your fault now!


      2. tyler’s avatar

        And seriously, thanks for the help. I learned some things.


      3. Muhammad Ausaf Ali Yousaf’s avatar

        Dear Experts,

        This script does not even opens a gnome terminal window for me. Please help me resolve this issue.

        Waiting eagerly for your kind reply.



Reply to Muhammad Ausaf Ali Yousaf Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.