Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 02:15 UTC ( #827927=note: print w/ replies, xml ) Need Help??

in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:

  • using perl 5.8
  • code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
  • upgrade to 5.10
  • code now broken with 'insecure dependency...' error
  • only way to fix is to untaint the information written to the file. Nothing else changed.
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.

Comment on Re^2: Taint, CGI and perl 5.10
Replies are listed 'Best First'.
Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 03:17 UTC
    The above does exactly what you said except it gives no error with 5.10.0.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://827927]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (4)
As of 2015-11-28 07:34 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (739 votes), past polls