R
raw.com
I have a simple upload script that uses the (Fh) filehandles returned
by CGI::upload() in a call to File::Copy::copy(). Works fine without
taint mode turned on. Under -t I get:
Insecure dependency in open while running with -T switch at
C:/Perl/lib/File/Copy.pm line 133
That line is, indeed, the call to open().
Untainting my filehandle (using IO::Handle::untaint(*{$fh}{IO}), which
returns 0, indicating "success") does not do the trick.
In the debugger, using this as a taint-check:
sub is_tainted
{
return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}
I see that my filehandles remain tainted even after the call to
IO::Handle:untaint().
Other postings I've read suggest that these filehandles do not need to
be untainted.
Any suggestions?
Cheers,
Richard
by CGI::upload() in a call to File::Copy::copy(). Works fine without
taint mode turned on. Under -t I get:
Insecure dependency in open while running with -T switch at
C:/Perl/lib/File/Copy.pm line 133
That line is, indeed, the call to open().
Untainting my filehandle (using IO::Handle::untaint(*{$fh}{IO}), which
returns 0, indicating "success") does not do the trick.
In the debugger, using this as a taint-check:
sub is_tainted
{
return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}
I see that my filehandles remain tainted even after the call to
IO::Handle:untaint().
Other postings I've read suggest that these filehandles do not need to
be untainted.
Any suggestions?
Cheers,
Richard