in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10
I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.
- using perl 5.8
- code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
- upgrade to 5.10
- code now broken with 'insecure dependency...' error
- only way to fix is to untaint the information written to the file. Nothing else changed.