
Hello, I am writing an application that will be hosted on several Apache webservers, which may have different directory structures. The application will reference a number of directories and files ("config", "log", "data", etc.) under an application base directory. Since each server's directory structure might be different, though, the pathnames to the base directory will vary from server to server. I thought I would define an environment variable in the Apache configuration that would tell the CGI where to find its base directory, like this:

    #!\strawberry\perl\bin\perl.exe
    use strict;
    use File::Spec::Functions;
    my $logfile = catdir($ENV{AppBase}, "mylogfile");
    print "opening $logfile ...\n";
    open (LOGFILE, ">>$logfile") || die "couldn't open log file \n";
    print LOGFILE "test log file line";
    close(LOGFILE);

That works fine, until I turn on taint mode. When I turn on taint mode, I get this:

Insecure dependency in open while running with -T switch at MyCgiProg.pl line 8.

I understand why taint mode doesn't like my code: a malicious (or careless) Apache admin might point that ENV variable to the wrong directory and cause something important to be overwritten.

I'm sure other more seasoned programmers have handled this problem before, and I'd love to hear how you handled it. Thanks in advance for your assistance.

Regards, Darren

In reply to How to safely define a CGI program's application base directory by ddmiller
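
One way to satisfy taint mode for the situation described in the post, as an added example that is not part of the original post: the environment value is untainted only by capturing it from a pattern that describes exactly what an acceptable base directory looks like. The helper name `app_base` and the permitted character set are assumptions made for this illustration; a stricter variant would compare the value against a fixed list of known base directories.

```perl
#!\strawberry\perl\bin\perl.exe -T
use strict;
use warnings;
use File::Spec::Functions qw(catfile file_name_is_absolute);

# Hypothetical helper: return an untainted copy of $ENV{AppBase},
# or die if the value does not look like a safe base directory.
sub app_base {
    my $raw = $ENV{AppBase};
    die "AppBase is not set\n" unless defined $raw && length $raw;

    # Only data captured by a regex is treated as untainted, so the
    # pattern must whitelist the acceptable form (never use (.*)).
    # Assumed form: optional drive letter, then letters, digits,
    # underscore, dot, hyphen and path separators.
    my ($dir) = $raw =~ m{\A((?:[A-Za-z]:)?[A-Za-z0-9_./\\-]+)\z}
        or die "AppBase contains unexpected characters\n";

    die "AppBase must be an absolute path\n"
        unless file_name_is_absolute($dir);
    die "AppBase must not contain '..'\n"
        if grep { $_ eq '..' } split m{[/\\]}, $dir;
    die "AppBase is not an existing directory\n" unless -d $dir;

    return $dir;
}

# catfile, since the last component is a file rather than a directory.
my $logfile = catfile(app_base(), 'mylogfile');

# Three-argument open keeps the mode separate from the file name.
open(my $log, '>>', $logfile) or die "couldn't open $logfile: $!\n";
print {$log} "test log file line\n";
close($log) or die "couldn't close $logfile: $!\n";
```

The pattern check only proves that the value has an expected shape; it does not prove that the directory is the one the application should be writing to, which is why the fixed-list comparison is the tighter control.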
