Robin said:
Someone posted an unauthorized post to my blog, if someone has time... could
you check this out,
http://www.infusedlight.net/robin/temp/blog.txt and
point out the security problems??
quick read (can't be arsed to consider the security problems):
my $rootfile =
$rootfile =~ s/.+\///;
what is this supposed to be doing?
my @blogposts;
@blogposts = getposts ();
why is this two lines?
perltidy is still your friend. Please use it.
$mon++;
$year +=1900;
why are you doing this? There are many fine CPAN modules that handle
dates without such jiggery-pokery.
open (BLOG, $blogfile) or push (@errors, "An error occurred: couldn't open blog file.");
why are you using files when your needs would be much better served with
a proper database?
open (COUNT, ">$countfile") or push (@errors, "An error occurred during posting: couldn't open count file.");
flock (COUNT, LOCK_EX) or push (@errors, "An error occurred during posting: couldn't lock count file.");
your open fails and you save the error (but not $!, which would tell you
what the error is), yet you still continue to the flock. why?
why are you printing html directly from perl? *please* look at (and
understand, and use) templating solutions.
Mark
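The count-file update rewritten with the error handling Mark asks for, as an added example that is neither Robin's script nor Mark's code; the file name and the assumption that the file holds a single integer are mine:

```perl
#!/usr/bin/perl
# Added example (not from the original script): update the count file with
# each failure recording $! and returning immediately, so a failed open is
# never followed by a flock on an unopened handle.
use strict;
use warnings;
use Fcntl qw(:flock :seek);

my $countfile = 'count.txt';   # hypothetical path, not from the original script

# Increment the integer stored in $file under an exclusive lock.
# Returns (new_count, undef) on success or (undef, message) on failure.
sub bump_count {
    my ($file) = @_;

    # '+<' opens read/write without truncating, so the old value is still
    # there once the lock is held. $! carries the OS reason (ENOENT, EACCES, ...).
    open(my $fh, '+<', $file)
        or return (undef, "couldn't open count file '$file': $!");

    flock($fh, LOCK_EX)
        or return (undef, "couldn't lock count file '$file': $!");

    my $line = <$fh>;
    $line = '0' unless defined $line;
    my ($count) = $line =~ /^\s*(\d+)/;
    $count = 0 unless defined $count;   # treat an empty or corrupt file as zero
    $count++;

    # Rewrite in place: rewind, write the new value, drop any leftover bytes.
    seek($fh, 0, SEEK_SET)   or return (undef, "couldn't seek in '$file': $!");
    print {$fh} "$count\n"   or return (undef, "couldn't write '$file': $!");
    truncate($fh, tell($fh)) or return (undef, "couldn't truncate '$file': $!");
    close($fh)               or return (undef, "couldn't close '$file': $!");  # also releases the lock

    return ($count, undef);
}

my ($count, $err) = bump_count($countfile);
if (defined $err) {
    print "An error occurred during posting: $err\n";   # report once, then stop
} else {
    print "count is now $count\n";
}
```

Because every step returns on its first failure, a single @errors-style message is enough and it names the actual cause instead of a guess.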