Re^2: cgi redirect

by mitchreward (Acolyte)

on Sep 30, 2014 at 09:05 UTC ( [id://1102420]=note: print w/replies, xml )

Need Help??

I'm the only one to use this web page, that is not accessible from the internet. But yeah you're right otherwise, I'd have protected it.

Comment on Re^2: cgi redirect

Replies are listed 'Best First'.
Re^3: cgi redirect by Anonymous Monk on Oct 01, 2014 at 01:34 UTC
This is how security holes get born... maybe someday you'll open the script up for others to use, or you'll be working on something for a client and remember that time you wrote this script, and just copy it over since that's the easiest solution, or ... Better to protect it from the start. And it's not hard to do, at least throwing this in as the first line of the `foreach` already helps against some of the bad stuff: `tr{a-zA-Z0-9_/-}{}cd` (still doesn't protect against symlinks into other directories, and if you add the dot to that list, it won't protect against "..", etc.)	[reply] [d/l] [select]
Re^3: cgi redirect by Anonymous Monk on Oct 01, 2014 at 21:08 UTC
Capture::Tiny `use Capture::Tiny qw/ capture /; my($stdout, $stderr, $exit) = capture { system( 'rm', '-rf', @paths ); };` [download]	[reply] [d/l]

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://1102420]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others perusing the Monastery: (5)

As of 2025-06-13 07:14 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?

	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.