good chemistry is complicated, and a little bit messy -LW |
|
PerlMonks |
Re: Re(2) (ichimunki): Security issues when allowing file upload via CGIby nufsaid (Beadle) |
on Dec 07, 2001 at 00:42 UTC ( [id://130061]=note: print w/replies, xml ) | Need Help?? |
I like the idea, but don't you have to be careful
of this line?
my $file_cmd_output = `file $fn`; $fn is tainted and doesn't this give them the chance to sneak a command in via $fn? Need to make sure $fn is clean. Joe.
In Section
Seekers of Perl Wisdom
|
|