Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^2: How do I test a script that doesn't have a .pl extension

by Corion (Pope)
on Nov 02, 2012 at 13:24 UTC ( #1001971=note: print w/replies, xml ) Need Help??


in reply to Re: How do I test a script that doesn't have a .pl extension
in thread How do I test a script that doesn't have a .pl extension

Just as a heads-up, I expect Perl to issue a warning (or maybe even a fatal error, maybe with taint) in the future when it is told to open a file from a scalar containing a \0. This is under the assumption that most such usage is malicious, for example to circumvent na´ve "filename" validation like the following:

# Read (malicious) filename from user, over the web: $filename = "/etc/passwd\0.jpg"; # Verify it's a .jpg file: $filename =~ /\.jpg$/ or return; # Verify it exists: -f $filename or return; # Output the file to the user: send_file( $filename );

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1001971]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (6)
As of 2016-10-01 18:06 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?






    Results (3 votes). Check out past polls.