Re^4: Calling perl from CGI


Come for the quick hacks, stay for the epiphanies.
	PerlMonks

Re^4: Calling perl from CGI

by Anonymous Monk

on Sep 07, 2008 at 07:55 UTC ( [id://709619]=note: print w/replies, xml )

Need Help??

in reply to Re^3: Calling perl from CGI
in thread Calling perl from CGI

is free of security concerns.
Not really :) $module is still tainted, and can be abused in the same way ('strict; system qw[ rm -rf / ];')needs to be validated, something like

$module = $1 if /^([a-zA-Z_][a-zA-Z_0-0]*(?:(?:'|::)[a-zA-Z_0-0]+)*)$/
+s;
# or

$module = $1 if /\A[^\W\d]\w*(?:(?:\'|::)\w+)*\z/s;
[download]

Comment on Re^4: Calling perl from CGI Select or Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://709619]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others surveying the Monastery: (5)

As of 2026-03-16 11:33 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.