in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10
The following code exhibits the trouble.
In trying other solutions, I've determined that the here document appears to be the culprit. The following code works fine.#!/usr/bin/perl -wT use strict my $tainteddata = $ARGV[0]; my ($untainteddata) = $tainteddata =~ /^([\w]+)$/; open(my $fh, ">", $untainteddata) or die; printf $fh <<EOMEOM; removing the next line of output allows the script to work the tainted data: $tainteddata script works with or without the following line the untainted data: $untainteddata EOMEOM close ($fh); exit;
This is curious to me. Why the different behavior for here documents? Original version of perl was 5.8.9, now 5.10.1.#!/usr/bin/perl -wT use strict; my $tainteddata = $ARGV[0]; my ($untainteddata) = $tainteddata =~ /^([\w]+)$/; open(my $fh, ">", $untainteddata) or die; printf $fh $tainteddata, "\n"; close ($fh); exit;
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^3: Taint, CGI and perl 5.10
by ikegami (Patriarch) on Mar 11, 2010 at 05:21 UTC | |
by nextguru (Scribe) on Mar 11, 2010 at 05:41 UTC | |
by derby (Abbot) on Mar 11, 2010 at 12:10 UTC | |
Re^3: Taint, CGI and perl 5.10
by rowdog (Curate) on Mar 11, 2010 at 12:44 UTC |
In Section
Seekers of Perl Wisdom