Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 02:15 UTC ( #827927=note: print w/ replies, xml ) Need Help??


in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:

  • using perl 5.8
  • code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
  • upgrade to 5.10
  • code now broken with 'insecure dependency...' error
  • only way to fix is to untaint the information written to the file. Nothing else changed.
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.


Comment on Re^2: Taint, CGI and perl 5.10
Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 03:17 UTC
    The above does exactly what you said except it gives no error with 5.10.0.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://827927]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (10)
As of 2015-07-06 21:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (83 votes), past polls