PerlMonks
I am talking about your code, Elijah! Stop taking this personally! I was speaking of your submit script. I see that you've changed it, as you now check whether or not it contains "..". However, note that "blah..pl" most certainly is a legal filename.

What do I mean by extracting the file? I mean remove the file portion of a path. That's it. I apologize for being ambiguous. Check out the documentation and notice that File::Spec->splitpath() returns a list containing three elements, the last of which is the filename. That's what I wanted you to grab: the third element of the list, which is the part that contains a legal filename.

> both require the script to be able to write to the cgi-bin folder

Do you understand what it means when I say, "While it may not work for your machine, it may work elsewhere"? You fire back with, "These are default settings! No one ever changes defaults unless they know what they're doing!" Not necessarily. Some people change permissions on files and directories because they want to create a web interface to upload scripts to their site. Suppose the hosting company set up the account incorrectly? Suppose they accidentally messed up some of the permissions? Suppose they're running a different webserver on a machine where file permissions don't exist? Just because the configuration of your server protects you against a possible exploit in your code DOES NOT mean that you shouldn't protect against it anyway. Understand where I'm going with this? Code responsibly and make your script as secure as possible, especially when you are offering it to the world.

antirice

In reply to Re^9: issues displaying cgi script source?
by antirice
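The following is an added example, not code from the thread or from Elijah's submit script, showing the two approaches the post contrasts: a substring check for ".." next to extracting only the filename with File::Spec->splitpath() and then whitelisting it. The function names, the cgi-bin directory and the sample inputs are all made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Naive check (hypothetical, not the script under discussion): reject anything
# containing "..".  It blocks "../../etc/passwd" but also rejects "blah..pl",
# which is a perfectly legal filename.
sub naive_ok {
    my ($name) = @_;
    return index($name, '..') == -1;
}

# What the post asks for: keep only the third element splitpath() returns
# (the file part), drop the volume and directory parts entirely, then
# whitelist what a script name may look like.  Returns the sanitized name,
# or undef if the submission is unacceptable.
sub safe_script_name {
    my ($submitted) = @_;
    return undef unless defined $submitted;
    return undef if $submitted =~ /\0/;   # a NUL would truncate the name in C-level open()

    # splitpath() returns (volume, directories, file); only the file survives.
    my (undef, undef, $file) = File::Spec->splitpath($submitted);

    return undef if $file eq '' || $file eq '.' || $file eq '..';
    # Whitelist: letters, digits, underscore, dot, dash; must end in ".pl".
    # On Unix a backslash is not a separator, so "..\x.pl" reaches here as a
    # single file name; the whitelist is what rejects it.
    return undef unless $file =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.pl\z/;
    return $file;
}

# Build the destination path from the sanitized name so the write can only
# land inside the chosen directory (hypothetical directory).
sub target_path {
    my ($submitted) = @_;
    my $file = safe_script_name($submitted);
    return undef unless defined $file;
    return File::Spec->catfile('/var/www/cgi-bin', $file);
}

# Constructed inputs for the demonstration, not taken from the thread.
my @inputs = (
    'upload.pl', 'blah..pl', '../../etc/passwd', '/etc/passwd.pl',
    'scripts/../../x.pl', 'foo/bar.pl', '..\\x.pl', "evil.pl\0.txt",
);

for my $in (@inputs) {
    (my $shown = $in) =~ s/\0/\\0/g;   # make the NUL visible in the output
    my $clean = safe_script_name($in);
    printf "%-22s naive=%-6s splitpath=%s\n",
        $shown,
        (naive_ok($in) ? 'ok' : 'REJECT'),
        (defined $clean ? $clean : 'REJECT');
}
```

Running it shows the point of the post: "blah..pl" fails the substring check yet is accepted once the directory part is stripped, while "../../etc/passwd", "scripts/../../x.pl" and "/etc/passwd.pl" all collapse to a bare filename that can only ever be written into the one directory catfile() prepends. The whitelist regex is the extra step a practitioner wants on top of splitpath(): it is what turns a backslash-laden or otherwise odd name into a rejection rather than relying on the server's permissions to catch it.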