perl-modperl mailing list archives

From Clinton Gormley <cl...@traveljury.com >
Subject Re: Insecure dependency in unlink while running with -T switch
Date Sun, 08 Jul 2007 16:54:46 GMT
> $fp =~ /(.*)/;


This doesn't untaint $fp.

Instead, you could do this:

  ( $fp )=( $fp =~ /(.*)/ );

To untaint a variable using this method, you need to assign the result
of a regex capture to the variable, not just do a regex check.

Clint
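
The difference described in this message, as an added example that is not part of the original post: it uses `Scalar::Util::tainted` to show the taint state after a bare match and after assigning the capture, then untaints through a restrictive pattern. The sample path, the `/tmp/upload_<digits>.tmp` policy and the names `label` and `untaint_upload_path` are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Hypothetical helper: report the taint state of a value.
sub label { tainted($_[0]) ? "tainted" : "clean" }

# Constructed input. $^X is tainted under -T, and appending a zero-length
# slice of it taints the string without changing its text.
my $fp = "/tmp/upload_1234.tmp" . substr($^X, 0, 0);
print "original:          ", label($fp), "\n";

# Match only: the capture lands in $1, $fp itself is untouched.
$fp =~ /(.*)/;
print "after bare match:  ", label($fp), "\n";

# unlink refuses the tainted name before touching the filesystem.
eval { unlink $fp; 1 } or print "unlink died:       $@";

# Assigning the capture back untaints, but /(.*)/ accepts any string,
# so nothing has been validated.
my ($blind) = ( $fp =~ /(.*)/ );
print "capture assigned:  ", label($blind), "\n";

# Hypothetical policy (assumption): only /tmp/upload_<digits>.tmp is allowed.
sub untaint_upload_path {
    my ($path) = @_;
    return $path =~ m{\A(/tmp/upload_[0-9]+\.tmp)\z} ? $1 : undef;
}

# Constructed candidates: one that fits the policy, one that does not.
my @candidates = ( $fp, "/tmp/../etc/upload_1.tmp" . substr($^X, 0, 0) );
for my $candidate (@candidates) {
    my $safe = untaint_upload_path($candidate);
    print defined $safe
        ? "accepted (" . label($safe) . "): $safe\n"
        : "rejected: $candidate\n";
}
```

Only the value returned by `untaint_upload_path` should reach `unlink`; the anchored pattern is what makes the untainted result meaningful.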

