de-taint doesn't work after upgrading perl

mickjames

Hi,

In a cgi script I'm detainting an input variable as
$FORM{'input'} =~ tr/A-Z//cd;
and then passing it to a system call as
system "proggy",$FORM{'input'};

It was working in old perl 5.6 but doesn't in 5.8.
Perl complains about "Insecure dependency".
How should it be detainted now?

Thanks much!
 
Gunnar Hjalmarsson

> In a cgi script I'm detainting an input variable as
> $FORM{'input'} =~ tr/A-Z//cd;
> and then passing it to a system call as
> system "proggy",$FORM{'input'};
>
> It was working in old perl 5.6 but doesn't in 5.8.
> Perl complains about "Insecure dependency".
> How should it be detainted now?

Didn't know the above ever was an allowed way to untaint. This is an
equivalent that does untaint:

$FORM{'input'} = join '', $FORM{'input'} =~ /[A-Z]/g;

Please also study

perldoc perlsec
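
The difference discussed in this thread, as an added example that is not part of either post: under `-T`, `tr///cd` edits the value in place and leaves it tainted, while substrings returned by a regex match are untainted. The sample input, the `untaint_upper` helper and the `PATH` value are assumptions made for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Constructed tainted input: under -T, $0 and $^X are tainted, and a
# zero-length substring of a tainted string carries the taint along.
my $taint = substr("$0$^X", 0, 0);
my %FORM  = (input => 'REPORT;x1' . $taint);

sub report {
    my ($label, $value) = @_;
    printf "%-16s %-10s %s\n", $label,
        defined $value ? "'$value'" : 'undef',
        tainted($value) ? 'tainted' : 'clean';
}

# 1. The question's approach: characters are deleted, taint is not.
(my $via_tr = $FORM{input}) =~ tr/A-Z//cd;
report('tr///cd', $via_tr);

# 2. The reply's approach: match results from a pattern match are clean.
#    It filters silently, so unexpected input is rewritten, not refused.
my $via_match = join '', $FORM{input} =~ /[A-Z]/g;
report('join + m//g', $via_match);

# 3. Stricter variant (hypothetical helper): accept the value only if
#    the whole string is on the allow-list, otherwise return undef.
sub untaint_upper {
    my ($value) = @_;
    return $value =~ /\A([A-Z]+)\z/ ? $1 : undef;
}
report('anchored reject', untaint_upper($FORM{input}));
report('anchored accept', untaint_upper('REPORT' . $taint));

# Taint mode also refuses to run a command found through a tainted
# PATH, so pin the environment first (see perlsec). The path list
# here is an assumption; adjust it to where the program lives.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# With a clean argument and environment, the thread's list-form call
# no longer trips the "Insecure dependency" check:
# system 'proggy', $via_match;
```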
 
