http://www.perlmonks.org?node_id=172006


in reply to Re: (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory

There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
my $userpath = $CGI->param('userpath'); my $basepath = "C:/wwwroot/whatever"; my $path = join '/', $basepath, $userpath =~ /\w+/g;
Speaking of untainting, you are using -T, right?
   MeowChow                                   
               s aamecha.s a..a\u$&owag.print

Replies are listed 'Best First'.
Re: (MeowChow) Re3: -d fails outside the current working directory
by Anonymous Monk on Jun 05, 2002 at 21:54 UTC

    No I'm not using -T (yet!).

    Mainly, I suspect, because I have not a clue as to what -T is?

    Currently this is way early in development -- both the script and my knowledge -- but I WILL look into it!

    Thanks for the pointer

      -T is taint mode, used for writing secure scripts. Read all about it in perlsec.
         MeowChow                                   
                     s aamecha.s a..a\u$&owag.print