Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 02:15 UTC ( #827927=note: print w/replies, xml ) Need Help??

in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:

  • using perl 5.8
  • code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
  • upgrade to 5.10
  • code now broken with 'insecure dependency...' error
  • only way to fix is to untaint the information written to the file. Nothing else changed.
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.

Replies are listed 'Best First'.
Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 03:17 UTC
    The above does exactly what you said except it gives no error with 5.10.0.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://827927]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (4)
As of 2018-05-25 05:55 GMT
Find Nodes?
    Voting Booth?