Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^2: How do I test a script that doesn't have a .pl extension

by Corion (Pope)
on Nov 02, 2012 at 13:24 UTC ( #1001971=note: print w/ replies, xml ) Need Help??


in reply to Re: How do I test a script that doesn't have a .pl extension
in thread How do I test a script that doesn't have a .pl extension

Just as a heads-up, I expect Perl to issue a warning (or maybe even a fatal error, maybe with taint) in the future when it is told to open a file from a scalar containing a \0. This is under the assumption that most such usage is malicious, for example to circumvent na´ve "filename" validation like the following:

# Read (malicious) filename from user, over the web: $filename = "/etc/passwd\0.jpg"; # Verify it's a .jpg file: $filename =~ /\.jpg$/ or return; # Verify it exists: -f $filename or return; # Output the file to the user: send_file( $filename );


Comment on Re^2: How do I test a script that doesn't have a .pl extension
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1001971]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (12)
As of 2014-09-23 19:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (239 votes), past polls