perl-modperl mailing list archives

From mer...@stonehenge.com (Randal L. Schwartz)
Subject Re: Insecure dependency in unlink while running with -T switch
Date Sun, 08 Jul 2007 18:26:33 GMT
>>>>> "Clinton" == Clinton Gormley <clint@traveljury.com> writes:

>> $fp =~ /(.*)/;
Clinton> This doesn't untaint $fp.

Clinton> instead, you could do this:

Clinton>   ( $fp )=( $fp =~ /(.*)/ );

Don't forget the /s.  Remember, Unix paths can contain newline.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
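
The untainting behaviour discussed in this message, as an added example that is not part of the original post or written by either participant: it compares the void-context match, the list-assigned capture with and without /s, and a stricter allowlist pattern. The sample path, the `report` helper and the allowlist character class are constructed assumptions; run it as `perl -T script.pl` so that taint mode is active.

```perl
# Added illustration, not code from the thread. Run with: perl -T script.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input: a path with an embedded newline.
# Under -T, substr($^X, 0, 0) is an empty but tainted string, so
# concatenating it marks the whole value as tainted.
my $taint = substr($^X, 0, 0);
my $fp    = "/var/spool/app/report\n.txt" . $taint;

# Hypothetical helper: print taint status and the value with "\n" made visible.
sub report {
    my ($label, $value) = @_;
    (my $shown = defined $value ? $value : '(no match)') =~ s/\n/\\n/g;
    printf "%-22s tainted=%d value=%s\n",
        $label, (tainted($value) ? 1 : 0), $shown;
}

report('original', $fp);

# 1. Match in void context: only $1 is clean, the variable itself
#    is untouched and stays tainted.
my $void = $fp;
$void =~ /(.*)/;
report('void-context match', $void);

# 2. Assigning the capture untaints. Without /s, "." does not match a
#    newline, so the clean value stops at the first line and is no longer
#    the path that was passed in.
my ($no_s) = $fp =~ /(.*)/;
report('capture without /s', $no_s);

# 3. With /s, "." matches newline and the capture is the whole string.
my ($with_s) = $fp =~ /(.*)/s;
report('capture with /s', $with_s);

# 4. Assumed stricter policy: anchor with \A and \z (not ^ and $, since $
#    also matches before a trailing newline) and allow only an expected
#    character set, so a path containing a newline is rejected outright.
my ($strict) = $fp =~ m{\A([\w./-]+)\z};
report('allowlist pattern', $strict);
```

Case 4 goes beyond what the thread recommends: `/(.*)/s` untaints any input unchanged, whereas an anchored allowlist only untaints values that match the expected shape.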
