Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

(MeowChow) Re3: -d fails outside the current working directory

by MeowChow (Vicar)
on Jun 05, 2002 at 20:54 UTC ( #172006=note: print w/replies, xml ) Need Help??

in reply to Re: (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory

There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
my $userpath = $CGI->param('userpath'); my $basepath = "C:/wwwroot/whatever"; my $path = join '/', $basepath, $userpath =~ /\w+/g;
Speaking of untainting, you are using -T, right?
               s aamecha.s a..a\u$&owag.print

Replies are listed 'Best First'.
Re: (MeowChow) Re3: -d fails outside the current working directory
by Anonymous Monk on Jun 05, 2002 at 21:54 UTC

    No I'm not using -T (yet!).

    Mainly, I suspect, because I have not a clue as to what -T is?

    Currently this is way early in development -- both the script and my knowledge -- but I WILL look into it!

    Thanks for the pointer

      -T is taint mode, used for writing secure scripts. Read all about it in perlsec.
                     s aamecha.s a..a\u$&owag.print

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://172006]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (11)
As of 2018-10-16 14:13 GMT
Find Nodes?
    Voting Booth?
    When I need money for a bigger acquisition, I usually ...

    Results (85 votes). Check out past polls.