Insecure dependency in open while running with -T switch

Discussion in 'Perl Misc' started by kskkaf, Jul 3, 2004.

  1. kskkaf

    kskkaf Guest

    In an upload subroutine I have the following code:

    open (OUTFILE, "> $root/$docfolder/$fpage")
        or die "Can't open output file for write: $!";

    But the error message as shown in the title keeps coming up. Now that I
    insist on keeping the -T switch, how can I avoid the error message? Thanks
    for any clue.

    --
    kskkaf
     
    kskkaf, Jul 3, 2004
    #1

  2. kskkaf

    Paul Lalli Guest

    "kskkaf" <> wrote in message
    news:cc64sg$ttt$99.com...
    > Subject: Insecure dependency in open while running with -T switch
    > In an upload subroutine I have the following code:
    >
    > open (OUTFILE, "> $root/$docfolder/$fpage")
    >     or die "Can't open output file for write: $!";
    >
    > But the error message as shown in the title keeps coming up. Now that I
    > insist on keeping the -T switch, how can I avoid the error message? Thanks
    > for any clue.


    It's telling you that one or more of $root, $docfolder, or $fpage are
    tainted. That is, they came from user input or another insecure method.
    You must untaint this data before using it to open a file. Untainting means
    to verify, via regular expressions, that the data is what it's allowed to
    be. Read
    perldoc perlsec
    for more information and examples.

    Paul Lalli
     
    Paul Lalli, Jul 3, 2004
    #2
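
Added example, not part of the original thread: the untainting step described in the reply above, applied to the upload path from the question. It assumes `$root` is fixed by the script while `$docfolder` and `$fpage` arrive from the request; the allow-list pattern, the `/tmp` root and the sample names are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Constructed demo; run as: perl -T untaint_upload.pl (hypothetical file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allow-list check for ONE path component: no "/" and no leading ".", so
# "..", absolute paths and dot-files are rejected. Returning the capture
# ($1) is what untaints the value; input that fails the check yields undef.
sub untaint_component {
    my ($name) = @_;
    if (defined $name && $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,99})\z/) {
        return $1;
    }
    return;
}

# Constructed sample input: appending a zero-length slice of $^X (tainted
# under -T) taints each string the way a CGI parameter would be.
my $taint = substr($^X, 0, 0);
my $root  = '/tmp';    # assumption: set by the script, never by the user
my @requests = (
    [ "demo-$$" . $taint, 'report.txt'       . $taint ],
    [ "demo-$$" . $taint, '../../etc/passwd' . $taint ],
    [ "demo-$$" . $taint, '.htaccess'        . $taint ],
);

for my $req (@requests) {
    my ($docfolder, $fpage) = @$req;
    print "$fpage (tainted: ", (tainted($fpage) ? 'yes' : 'no'), ")\n";
    # Unchecked value: open() dies under -T before touching the filesystem.
    eval { open(my $fh, '>', "$root/$docfolder/$fpage") or die "open: $!\n" };
    print "  unchecked: $@" if $@;

    my $dir  = untaint_component($docfolder);
    my $file = untaint_component($fpage);
    unless (defined $dir && defined $file) {
        print "  rejected by allow-list\n";
        next;
    }
    mkdir "$root/$dir" or die "mkdir: $!" unless -d "$root/$dir";
    open(my $out, '>', "$root/$dir/$file")
        or die "Can't open output file for write: $!";
    print {$out} "upload body\n";
    close $out or die "close: $!";
    print "  wrote $root/$dir/$file\n";
    unlink "$root/$dir/$file";    # remove the demo file and directory
    rmdir "$root/$dir";
}
```

Captures stay tainted when `use re 'taint'` is in effect, so a check like this only untaints in code that has not enabled that pragma.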

  3. kskkaf

    kskkaf Guest

    Paul Lalli wrote:
    >
    > It's telling you that one or more of $root, $docfolder, or $fpage are
    > tainted. That is, they came from user input or another insecure method.
    > You must untaint this data before using it to open a file. Untainting means
    > to verify, via regular expressions, that the data is what it's allowed to
    > be. Read
    > perldoc perlsec
    > for more information and examples.
    >
    > Paul Lalli
    >

    Thanks Paul!

    --
    kskkaf
     
    kskkaf, Jul 3, 2004
    #3