 
PerlMonks  

(MeowChow) Re3: -d fails outside the current working directory

by MeowChow (Vicar)
on Jun 05, 2002 at 16:54 UTC



in reply to Re: (MeowChow) Re: -d fails outside the current working directory
in thread -d fails outside the current working directory

There are serious security issues you need to consider if you allow users to submit their own paths, depending of course on what you're doing with those paths. For the sake of simplicity, I would recommend that you only allow alphanumerics in these path names. You can then properly untaint and scrub your path as follows:
    my $userpath = $CGI->param('userpath');
    my $basepath = "C:/wwwroot/whatever";
    my $path = join '/', $basepath, $userpath =~ /\w+/g;
Speaking of untainting, you are using -T, right?
   MeowChow                                   
               s aamecha.s a..a\u$&owag.print

Replies are listed 'Best First'.
Re: (MeowChow) Re3: -d fails outside the current working directory
by Anonymous Monk on Jun 05, 2002 at 17:54 UTC

    No I'm not using -T (yet!).

    Mainly, I suspect, because I have not a clue as to what -T is?

    Currently this is way early in development -- both the script and my knowledge -- but I WILL look into it!

    Thanks for the pointer

      -T is taint mode, used for writing secure scripts. Read all about it in perlsec.
         MeowChow                                   
                     s aamecha.s a..a\u$&owag.print
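
The scrub from the thread, run under taint mode over several inputs. This is an added example, not code posted by anyone in the thread. Assumptions: the `scrub_path` helper, the `/a` modifier (ASCII-only `\w`, Perl 5.14+), the choice to reject input with no word characters, the `$TAINT` trick that stands in for `$CGI->param('userpath')`, and the constructed sample inputs.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as: perl -T scrub.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Base directory taken from the post above.
my $basepath = "C:/wwwroot/whatever";

# Keep only runs of word characters and rejoin them under the base path,
# as in the post. /a (an addition) restricts \w to ASCII [A-Za-z0-9_].
sub scrub_path {
    my ($base, $userpath) = @_;
    my @parts = $userpath =~ /\w+/ag;   # list-context matches are untainted
    return unless @parts;               # nothing usable: refuse, don't return $base
    return join '/', $base, @parts;
}

# Zero-length tainted string. Appending it marks a constructed sample as
# tainted, standing in for a CGI parameter under -T.
my $TAINT = substr($^X, 0, 0);

# Constructed sample inputs.
my @samples = (
    'reports/2002',
    '../../etc/passwd',
    '..\\..\\boot.ini',
    'docs/file.txt',
    'logs; rm -rf x',
    '../..',
);

for my $raw (@samples) {
    my $input = $raw . $TAINT;
    my $path  = scrub_path($basepath, $input);
    printf "%-20s tainted=%d -> %s\n", $raw, tainted($input) ? 1 : 0,
        defined $path
            ? "$path (tainted=" . (tainted($path) ? 1 : 0) . ")"
            : 'rejected';
}
```

Because `.` is not a word character, `docs/file.txt` comes back as `docs/file/txt`, and `..` segments are dropped rather than rejected, so the result always stays under the base path but may not be the file the user named.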
