turnstep wrote:
Please tell us this is not production code being used somewhere. Please?
Unfortunately, I can't tell you that. It is being used. It's in a script that is over 2,000 lines long and does not use strict. I added use strict and an extra 130 lines were added to the error log. As usual, I don't have a lot of time to fix this, and it's called from several different places. My only change at this point was to plug a nasty security that tinman alluded to:
Umm.. a biggie, but I don't think you're untainting any of the file name variables or the param variables that you receive from the user... so a script kiddie style "rm -rf" hack is possible..
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
## Implicit: htmDir no longer ends in a slash
use strict; ## Yay!!
## $htmDir and $query (the CGI object) are set elsewhere in the
## 2000-line script; declared here so this compiles under strict.
use vars qw($htmDir $query);
sub updateTiles() {
    my $tilefile = "$htmDir/tile.htm";
    open(TILE, "$tilefile") or die "Could not open $tilefile: $!\n";
    my $tileinfo; { local $/; $tileinfo = <TILE>; }
    close(TILE);
    my $section;
    for $section (qw(Tile Pile Link)) {
        my $contentTemp = $query->param($section);
        $contentTemp = '' unless defined $contentTemp;
        ## Clean up, aisle seven: delete everything outside the whitelist
        $contentTemp =~ y/A-Za-z0-9_\n//cd;
        if ($section eq "Pile") {
            $contentTemp =~ s#\n#<P></P>#g;
        }
        elsif ($section eq "Link") {
            my $searchterm = $contentTemp;
            ## Even stricter here:
            $searchterm =~ y/a-z//cd;
            $contentTemp =
                qq{<IMG SRC="images/enter.gif" WIDTH="8" HEIGHT="12">}.
                qq{<A HREF="cgi-bin/show.cgi?action=showTiles&tileType=Search}.
                qq{&searchFor=$searchterm">View this month's tiles.</A>};
        }
        ## Ugh...I am not going to touch this.
        $tileinfo =~ s/<!--$section-->(.*)/<!--$section-->$contentTemp/;
    }
    ## Should probably write a new file and copy/rename but:
    ## File locking anyone? :)
    open(HOME,">$tilefile") or die "Could not write $tilefile: $!\n";
    print HOME $tileinfo;
    close(HOME);
    my $image = $query->param('Image');
    ## '+' added: /^[A-Z0-9_]$/i admitted only one-character names
    if (defined $image and $image =~ /^[A-Z0-9_]+$/i) {
        ## fileUpload() is defined elsewhere in the script
        my $newFile = &fileUpload('Image',250000,1,'latest_image',
                                  'JPEG','.jpg','.jpeg');
    }
}
Update: Thanks to merlyn for the catch with the brackets. Now fixed. $Deity help the rest of the 2000 lines however.
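The same three things the posted updateTiles() reaches for (a y///cd whitelist for the free-text params, a regex check on the file-name param, and the "write a new file and rename, with locking" idea from the comment), written so they hold up under taint mode. This is an added example for the thread, not code posted by Ovid, tinman or merlyn; the sample parameters, the /tmp/tile.htm path and the 64-character name limit are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run with: perl -T example.pl
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

# Whitelist free text the way the posted code does with y///cd: every
# character outside the allowed set is deleted, so shell and HTML
# metacharacters never reach the page (or a command line).
sub clean_content {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ tr/A-Za-z0-9_\n//cd;
    return $text;
}

# Untaint a file-name parameter. Under -T a CGI param is tainted and
# open()/rename()/system() refuse it; the value has to be rebuilt from a
# regex capture. Note the '+': the posted /^[A-Z0-9_]$/i admits only
# one-character names. '/', '.' and '..' are rejected outright.
sub untaint_name {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /^([A-Za-z0-9_]{1,64})$/;   # 64: assumed limit
    return $1;   # a regex capture is untainted
}

# Replace everything after an "<!--Section-->" marker on its line, as the
# posted s/// does (no /s flag, so '.*' stops at the end of the line).
sub fill_section {
    my ($page, $section, $content) = @_;
    $page =~ s/<!--\Q$section\E-->.*/<!--$section-->$content/;
    return $page;
}

# Rewrite $path atomically. An exclusive flock on the live file serialises
# concurrent updates; the body goes to a temp file in the same directory
# and rename() swaps it in, so a reader never sees a half-written tile.htm.
sub rewrite_locked {
    my ($path, $body) = @_;
    my ($dir) = $path =~ m{^(.*)/[^/]+$};
    $dir = '.' unless defined $dir;
    open my $lock, '>>', $path or die "Cannot open $path: $!";
    flock $lock, LOCK_EX or die "Cannot lock $path: $!";
    my ($tmp, $tmpname) = tempfile('tile.XXXXXX', DIR => $dir);
    print {$tmp} $body or die "Cannot write $tmpname: $!";
    close $tmp or die "Cannot close $tmpname: $!";
    rename $tmpname, $path or die "Cannot rename $tmpname: $!";
    close $lock;   # releases the lock
    return $path;
}

# Constructed sample input standing in for $query->param(...), plus an
# assumed output path; neither comes from the thread.
my %param = (
    Tile  => "June tiles <b>bold</b>; rm -rf tmp",
    Image => "../../etc/passwd",
);
my $page = "<html>\n<!--Tile-->old\n<!--Pile-->old\n</html>\n";
$page = fill_section($page, 'Tile', clean_content($param{Tile}));
my $img = untaint_name($param{Image});
print defined $img ? "image name ok: $img\n" : "image name rejected\n";
print rewrite_locked('/tmp/tile.htm', $page), " rewritten\n";
```

With the constructed input the Tile text collapses to the letters and digits only, the Image name is rejected, and tile.htm is replaced in one rename while the lock is held. Keeping the capture (`$1`) rather than only testing the match is what satisfies -T; a boolean match alone leaves the value tainted.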
$contentTemp =~ y/[A-Za-z0-9_\n]//cd;
Uh, do you really want to leave brackets in the string?
Or did you mean:
$contentTemp =~ y/A-Za-z0-9_\n//cd;
-- Randal L. Schwartz, Perl hacker