in reply to How to safely define a CGI program's application base directory
Just use the standard laundering technique (see perlsec):
```perl
use File::Spec::Functions qw(catdir);

my $app_base = $ENV{AppBase};
if ($app_base =~ m{^(/var/www/[^/]+)$}) {
    $app_base = $1;   # $app_base no longer tainted.
}
my $logfile = catdir($app_base, 'mylogfile');
```
لսႽ† ᥲᥒ⚪⟊Ⴙᘓᖇ Ꮅᘓᖇ⎱ Ⴙᥲ𝇋ƙᘓᖇ
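A stricter variant of the laundering step above, as an added example that is not part of the original post. It anchors with `\A` and `\z` (a bare `$` also matches before a trailing newline, and `[^/]` matches newlines), uses an allowlist character class, and dies instead of carrying on with a tainted value. The helper name `launder_app_base` and the sample paths are constructed for illustration; run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Spec::Functions qw(catfile);

# Hypothetical helper: return an untainted base directory or die.
sub launder_app_base {
    my ($raw) = @_;
    die "AppBase is not set\n" unless defined $raw;

    # \A and \z anchor the whole string; the class is an allowlist, so
    # newlines, NULs and shell metacharacters can never be captured.
    my ($clean) = $raw =~ m{\A(/var/www/[A-Za-z0-9_.-]+)\z}
        or die "AppBase rejected\n";

    # "." and ".." pass the character class but would leave /var/www.
    die "AppBase rejected\n" if $clean =~ m{/\.\.?\z};

    return $clean;    # came from a capture group, so it is untainted
}

# Empty string that is tainted under -T; appending it taints the
# constructed samples the same way %ENV values are tainted.
my $taint = substr("$0$^X", 0, 0);

# Constructed sample values standing in for $ENV{AppBase}.
my @samples = ("/var/www/myapp", "/var/www/myapp\n", "/var/www/..",
               "/var/www/a/b", "/etc");

for my $sample (@samples) {
    my $raw   = $sample . $taint;
    my $clean = eval { launder_app_base($raw) };
    (my $shown = $sample) =~ s/\n/\\n/g;    # make the newline visible

    if (defined $clean) {
        printf "%-18s accepted (input tainted=%d, result tainted=%d) log=%s\n",
            $shown, tainted($raw) ? 1 : 0, tainted($clean) ? 1 : 0,
            catfile($clean, 'mylogfile');
    }
    else {
        printf "%-18s rejected\n", $shown;
    }
}
```

Only the first sample is accepted; the value with a trailing newline, which the `^...$` pattern would let through, is rejected here.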
Re^2: How to safely define a CGI program's application base directory
by ddmiller (Initiate) on Feb 10, 2013 at 21:47 UTC
by choroba (Cardinal) on Feb 10, 2013 at 22:37 UTC