Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re: (MeowChow) Re: -d fails outside the current working directory

by Anonymous Monk
on Jun 05, 2002 at 10:53 UTC ( [id://171790]=note: print w/replies, xml ) Need Help??

in reply to (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory


Excuses:I did read the readdir docs, I am unfortuantely still at the stage where I get lost in the syntax and therefore don't recognise the significance of the sample code;(

Am I going to get into problems with using paths (abs or rel) when the "user defined path" is actually a relative path derived from the query parameter of an URL and the script will be running in the context of Apache?

  • Comment on Re: (MeowChow) Re: -d fails outside the current working directory

Replies are listed 'Best First'.
(MeowChow) Re3: -d fails outside the current working directory
by MeowChow (Vicar) on Jun 05, 2002 at 20:54 UTC
    There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
    my $userpath = $CGI->param('userpath'); my $basepath = "C:/wwwroot/whatever"; my $path = join '/', $basepath, $userpath =~ /\w+/g;
    Speaking of untainting, you are using -T, right?
                   s aamecha.s a..a\u$&owag.print

      No I'm not using -T (yet!).

      Mainly, I suspect, because I have not a clue as to what -T is?

      Currently this is way early in development -- both the script and my knowledge -- but I WILL look into it!

      Thanks for the pointer

        -T is taint mode, used for writing secure scripts. Read all about it in perlsec.
                       s aamecha.s a..a\u$&owag.print

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://171790]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2024-05-21 13:39 GMT
Find Nodes?
    Voting Booth?

    No recent polls found