Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^2: PerlTaintCheck and configuration for secure paths

by geektron (Curate)
on Jun 22, 2006 at 17:44 UTC ( #556961=note: print w/ replies, xml ) Need Help??


in reply to Re: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

$thumbName is constructed in the code. because of that, i thought it didn't need extra sanitizing.

I'll test it w/ Scalar::Util to ensure that's the tainted part ...


Comment on Re^2: PerlTaintCheck and configuration for secure paths
Download Code
Re^3: PerlTaintCheck and configuration for secure paths
by shmem (Canon) on Jun 22, 2006 at 17:51 UTC
    If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

    In perlsec is a snippet of code:

    sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
    --shmem
    _($_=" "x(1<<5)."?\n".q/)Oo.  G\        /
                                  /\_/(q    /
    ----------------------------  \__(m.====.(_("always off the crowd"))."
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
      the operative phrasing i missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://556961]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2014-07-14 00:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (253 votes), past polls