
Re: (MeowChow) Re: -d fails outside the current working directory

by Anonymous Monk
on Jun 05, 2002 at 10:53 UTC ( [id://171790]=note )


in reply to (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory

Thank you!

Excuses: I did read the readdir docs; I am unfortunately still at the stage where I get lost in the syntax and therefore don't recognise the significance of the sample code ;(

Am I going to get into problems with using paths (abs or rel) when the "user defined path" is actually a relative path derived from the query parameter of a URL and the script will be running in the context of Apache?

(MeowChow) Re3: -d fails outside the current working directory
by MeowChow (Vicar) on Jun 05, 2002 at 20:54 UTC
    There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
        my $userpath = $CGI->param('userpath');
        my $basepath = "C:/wwwroot/whatever";
        my $path     = join '/', $basepath, $userpath =~ /\w+/g;
    Speaking of untainting, you are using -T, right?
       MeowChow                                   
                   s aamecha.s a..a\u$&owag.print

      No I'm not using -T (yet!).

      Mainly, I suspect, because I have not a clue as to what -T is?

      Currently this is way early in development -- both the script and my knowledge -- but I WILL look into it!

      Thanks for the pointer

        -T is taint mode, used for writing secure scripts. Read all about it in perlsec.
           MeowChow                                   
                       s aamecha.s a..a\u$&owag.print
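Added example, not part of the thread: the scrub from MeowChow's snippet wrapped in a function and run over constructed inputs under taint mode (`perl -T`), showing that traversal sequences are dropped and the result comes out untainted. The `scrub_path` name, the `$TAINT` helper and the sample inputs are assumptions made for illustration; the base path is the one from the post.

```perl
# Run as: perl -T scrub_path.pl   (without -T, tainted() always reports 0)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Base directory from the post's snippet.
my $basepath = "C:/wwwroot/whatever";

# Zero-length tainted string: under -T, $^X is tainted and so is any
# substring of it. Appending it marks constructed input as tainted,
# standing in for a CGI query parameter.
my $TAINT = substr($^X, 0, 0);

# Same scrub as the post: keep only runs of \w characters and rejoin them
# with '/'. Dots, slashes, backslashes, colons and NULs never survive, so
# "..", absolute paths and empty segments cannot reach the filesystem call.
sub scrub_path {
    my ($userpath) = @_;
    my @segments = $userpath =~ /\w+/g;   # regex match results are untainted
    return unless @segments;              # nothing usable left: reject
    return join '/', $basepath, @segments;
}

# Constructed sample inputs.
for my $raw ('docs/reports', '../../etc/passwd', '..\\..\\boot.ini',
             '/abs//path/', "a\0b", '....') {
    my $input = $raw . $TAINT;
    my $path  = scrub_path($input);
    (my $shown = $raw) =~ s/\0/\\0/g;     # make the NUL byte printable
    printf "%-20s in_tainted=%d -> %s\n", $shown, tainted($input) ? 1 : 0,
        defined $path
            ? "$path (tainted=" . (tainted($path) ? 1 : 0) . ")"
            : "rejected";
}
```

Because `\w` excludes the dot, a name such as `boot.ini` is split into `boot/ini`, so this scrub only suits directory trees whose names are plain word characters. `\w` also admits the underscore, and on Unicode strings it matches non-ASCII word characters unless the `/a` modifier is added.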
