de-taint doesn't work after upgrading perl

Discussion in 'Perl Misc' started by mickjames@gmail.com, Jan 8, 2005.

  1. Guest

    Hi,

    In a cgi script I'm detainting an input variable as
    $FORM{'input'} =~ tr/A-Z//cd;
    and then passing it to a system call as
    system "proggy",$FORM{'input'};

    It was working in old perl 5.6 but doesn't in 5.8.
    Perl complains about "Insecure dependency".
    How should it be detainted now?

    Thanks much!
     
    , Jan 8, 2005
    #1

  2. wrote:
    > In a cgi script I'm detainting an input variable as
    > $FORM{'input'} =~ tr/A-Z//cd;
    > and then passing it to a system call as
    > system "proggy",$FORM{'input'};
    >
    > It was working in old perl 5.6 but doesn't in 5.8.
    > Perl complains about "Insecure dependency".
    > How should it be detainted now?


    Didn't know the above ever was an allowed way to untaint. This is an
    equivalent that does untaint:

    $FORM{'input'} = join '', $FORM{'input'} =~ /[A-Z]/g;

    Please also study

    perldoc perlsec

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
     
    Gunnar Hjalmarsson, Jan 8, 2005
    #2
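
Added example, not part of the thread: a script (run as `perl -T script.pl`) that compares the `tr///` approach from the question with the regex-match approach from the reply, using `Scalar::Util::tainted` to show which result Perl still considers tainted. The sample input, the `untaint_upper` helper, its 32-character limit and the `PATH` value are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# A zero-length slice of "$0$^X" is tainted under -T; appending it marks a
# constructed string as tainted, the way CGI form input would be.
my $TAINT = substr("$0$^X", 0, 0);
my $raw   = 'ABc;123DEF' . $TAINT;    # constructed sample input

sub report {
    my ($label, $value) = @_;
    printf "%-30s %-14s %s\n", $label,
        defined $value ? "'$value'" : 'undef',
        tainted($value) ? 'tainted' : 'clean';
}

report('raw input', $raw);

# 1. The question's approach: tr/// edits the string in place, so the
#    result is still the same tainted scalar.
(my $by_tr = $raw) =~ tr/A-Z//cd;
report('tr/A-Z//cd', $by_tr);

# 2. The reply's approach: substrings returned by a regex match are not
#    tainted, so joining them yields a clean copy.
my $by_match = join '', $raw =~ /[A-Z]/g;
report('join of /[A-Z]/g matches', $by_match);

# 3. Stricter variant (assumption, not from the thread): validate the whole
#    value and reject anything unexpected instead of silently stripping it.
sub untaint_upper {
    my ($value) = @_;
    return $value =~ /\A([A-Z]{1,32})\z/ ? $1 : undef;   # 32 is arbitrary
}
report('anchored capture, bad input',  untaint_upper($raw));
report('anchored capture, good input', untaint_upper('REPORT' . $TAINT));

# system() under -T also dies on a tainted $ENV{PATH}; perlsec recommends
# setting it explicitly and deleting these variables before any exec.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
# system 'proggy', $by_match;   # 'proggy' is the thread's program name
```

The untainting in cases 2 and 3 does not happen under `use re 'taint'`, which keeps match results tainted.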

  3. Guest

    Thanks for your help. Perl has the best support of all!
     
    , Jan 8, 2005
    #3
