de-taint doesn't work after upgrading perl

Discussion in 'Perl Misc' started by mickjames@gmail.com, Jan 8, 2005.

  1. Guest

    Hi,

    In a cgi script I'm detainting an input variable as
    $FORM{'input'} =~ tr/A-Z//cd;
    and then passing it to a system call as
    system "proggy",$FORM{'input'};

    It was working in old perl 5.6 but doesn't in 5.8.
    Perl complains about "Insecure dependency".
    How should it be detainted now?

    Thanks much!
    , Jan 8, 2005
    #1

  2. wrote:
    > In a cgi script I'm detainting an input variable as
    > $FORM{'input'} =~ tr/A-Z//cd;
    > and then passing it to a system call as
    > system "proggy",$FORM{'input'};
    >
    > It was working in old perl 5.6 but doesn't in 5.8.
    > Perl complains about "Insecure dependency".
    > How should it be detainted now?


    Didn't know the above ever was an allowed way to untaint. This is an
    equivalent that does untaint:

    $FORM{'input'} = join '', $FORM{'input'} =~ /[A-Z]/g;

    Please also study

    perldoc perlsec

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
    Gunnar Hjalmarsson, Jan 8, 2005
    #2
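An added example, not part of any post in this thread: a script that prints the taint state left by the `tr///` approach from the question and by the regex-match approach from the answer, then shows the validate-or-reject pattern described in perlsec. The sample input, the `/usr/bin:/bin` PATH and the helper names `report` and `untaint_upper` are assumptions made for illustration; `proggy` is the thread's program and is not executed.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed tainted input standing in for $FORM{'input'}: a zero-length
# slice of tainted data ($0, $^X) taints whatever it is concatenated with.
my $TAINT = substr("$0$^X", 0, 0);
my $input = 'ABC;rm' . $TAINT;

# Print a label, the value, and whether Perl still considers it tainted.
sub report {
    my ($label, $value) = @_;
    printf "%-26s %-8s %s\n", $label, $value, tainted($value) ? 'tainted' : 'clean';
}

# 1. The question's approach: delete unwanted characters in place with tr///.
my $via_tr = $input;
$via_tr =~ tr/A-Z//cd;
report('tr/A-Z//cd', $via_tr);

# 2. The answer's approach: rebuild the value from regex match results.
my $via_join = join '', $input =~ /[A-Z]/g;
report('join of /[A-Z]/g matches', $via_join);

# 3. perlsec style: validate the whole value against an anchored pattern
#    and reject it on mismatch instead of silently stripping characters.
sub untaint_upper {
    my ($value) = @_;
    return $value =~ /\A([A-Z]+)\z/ ? $1 : undef;
}
for my $candidate ('ABC' . $TAINT, $input) {
    my $clean = untaint_upper($candidate);
    if (defined $clean) { report('untaint_upper accepted', $clean) }
    else                { print "untaint_upper rejected '$candidate'\n" }
}

# Under -T, system() also refuses to run with a tainted environment,
# so PATH is set explicitly (assumed value) and risky variables removed.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
# system 'proggy', $via_join;   # list form from the thread, left commented out
```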

  3. Guest

    Thanks for your help. Perl has the best support of all!
    , Jan 8, 2005
    #3