Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re: Using Variables in Path Names

by Fastolfe (Vicar)
on Nov 28, 2001 at 03:22 UTC ( [id://127954]=note: print w/replies, xml ) Need Help??


in reply to Using Variables in Path Names

Danger!

Your script makes some very classic mistakes and has some very serious security vulnerabilities that could allow any person to write files anywhere on your system.

Some things to look at:

To literally answer the question you're asking, yes, you can put variables in a double-quoted string like that. It should do what you're expecting. So the problem must lie in how those variables are assigned. Some debugging code (e.g. print statements here and there) to check that each variable has the value you're expecting, and that each directory exists as you expect, etc., would help in your debugging efforts.

But I wouldn't use this logic as it is at all without doing some serious sanitizing of input and/or verification of each parameter they're passing (e.g. ensuring that the class is a valid class name, that the user is a valid user, etc.). Anyone can put "../../../" in any of those variables and back-track their way out of your filesystem.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://127954]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (3)
As of 2024-03-29 02:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found