Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 02:15 UTC ( #827927=note: print w/replies, xml ) Need Help??

in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:

  • using perl 5.8
  • code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
  • upgrade to 5.10
  • code now broken with 'insecure dependency...' error
  • only way to fix is to untaint the information written to the file. Nothing else changed.
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.

Replies are listed 'Best First'.
Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 03:17 UTC
    The above does exactly what you said except it gives no error with 5.10.0.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://827927]
[Tux]: 14:32 Europe/Amsterdam, so good afternoon to you :)
[marto]: 13:32, sunny Glasgow :P
[Tux]: as in, some others might appreciate a good morning or goor evening
[Tux]: Glasgow, as in TPCiG-2018 !!!! :) :)
erix would rather appreciate proof of a goodmorning
[marto]: Tux so I'm told :)
[ww]: ww seconds erix view

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (8)
As of 2017-09-22 12:38 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (263 votes). Check out past polls.