
Re: Using Variables in Path Names

by andye (Curate)
on Nov 28, 2001 at 10:44 UTC ( [id://128035]=note )


in reply to Using Variables in Path Names

Hi lfindle, just a quick note in addition to all the useful advice above.

One alternative (to constructing the pathname by untainting user-supplied parameters) would be to match the incoming parameters against a hash of allowable values. Obviously this only works if there is a fixed set of allowable values.

So, say that the incoming param is called 'dir', and you don't want to allow anything except 'a','b' or 'c', you could do:

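    # $q is the CGI query object; only these keys are accepted
    my %allowed_dirs = (a => 'a', b => 'b', c => 'c');
    # look the parameter up; the result is undef for anything not listed
    my $dir = $allowed_dirs{$q->param('dir')};
    die "go away, you nasty horrid hacker" unless defined $dir;

Then you can interpolate $dir into your path in the certain knowledge that Everything Is All Right.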

hth,
andy.
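
An added example, not part of andye's post: the hash lookup described above, run over constructed inputs to show which values get through. It goes one step further by mapping each accepted key to a separately named directory, so the request value itself never appears in the path. The base directory, the mapping and the function name resolve_dir are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Assumed for illustration: base directory and key -> directory mapping.
my $BASE = '/var/www/data';
my %ALLOWED_DIRS = (
    a => 'reports',
    b => 'invoices',
    c => 'public',
);

# Return the full directory path for a request value, or undef when the
# value is not exactly one of the allowed keys.
sub resolve_dir {
    my ($requested) = @_;
    return unless defined $requested && !ref $requested;
    # exists() is an exact string comparison against the keys. Unlike a
    # regex such as /^b$/, it does not accept "b\n".
    return unless exists $ALLOWED_DIRS{$requested};
    # Only the hash value reaches the path. It was written in this source
    # file, so it is not tainted under -T even though the key is.
    return File::Spec->catdir($BASE, $ALLOWED_DIRS{$requested});
}

# Constructed sample inputs, including malformed and out-of-set values.
my @samples = ('a', 'c', 'A', 'a/', '../etc', "a\0", "b\n", '', undef);

for my $value (@samples) {
    my $shown = defined $value ? $value : '(undef)';
    # Make control characters visible in the report.
    $shown =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $path = resolve_dir($value);
    printf "%-12s => %s\n", "'$shown'", defined $path ? $path : 'REJECTED';
}
```

Only 'a' and 'c' resolve to a path; every other sample is rejected without any pattern matching or character stripping.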
