Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re^2: Taint, CGI and perl 5.10

by nextguru (Scribe)
on Mar 11, 2010 at 02:15 UTC ( #827927=note: print w/replies, xml ) Need Help??

in reply to Re: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

I will try to cut the code down to the smallest instance where the problem still occurs and repost in a bit. Essentially the problem is this:

  • using perl 5.8
  • code working with taint mode turned on, file name comes from user, untainted by code and tainted information written to file successfully.
  • upgrade to 5.10
  • code now broken with 'insecure dependency...' error
  • only way to fix is to untaint the information written to the file. Nothing else changed.
I pass a file handle and the tainted information to a subroutine that does the output. I don't know if that makes a difference. Back in a bit with code sample.

Replies are listed 'Best First'.
Re^3: Taint, CGI and perl 5.10
by ikegami (Pope) on Mar 11, 2010 at 03:17 UTC
    The above does exactly what you said except it gives no error with 5.10.0.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://827927]
[james28909]: but then you have the others as well
[Lady_Aleena]: Renaming things like get_THAC0 to just THAC0 was easy. These are harder.
[james28909]: consolidate the three subs into one
[Lady_Aleena]: Um, what?

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (5)
As of 2017-05-24 04:48 GMT
Find Nodes?
    Voting Booth?