I really really want to keep -T in my shebang to keep my script safe, but I
simply cannot get the script to work properly. I am driving myself crazy
because I don't want to cop out and delete the -T.

I collect about 10 pieces of data from a form, store them into variables,
and then match them to supposedly untaint them, like this (I've tried
various ways):

my $firstName=$q->param('firstName');

if ($firstName =~ /([\w\s\-\.',]+)/) {
    $firstName = $1;
} else {
    err();
}

I do this with each piece of data. Then, assuming the person passes the quiz
I've given, eventually I create an HTML certificate printing a few of these
variables (which does work with the -T switch), send an email (via sendmail)
confirming that they passed (which is NOT working with -T) and finally
append the data to a text file (also NOT working with -T). I don't get
compile errors; Perl just seems to quietly not do what I want it to!

My suspicion is that I'm not untainting properly, because I am not allowed
to modify files or make the call to sendmail; but the documentation is very
sparse, and I'm running out of ideas. Anyone have advice? Thanks!

[I also seem to vaguely recall a compatibility problem with Perl 5 and
Solaris 2.8 using -T: can anyone confirm this?]

Bill
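
Added example, not part of the original post or any reply to it: the steps described above (untaint each form field, append to a text file, mail through sendmail) written so they run under -T. The sample form values, the untaint helper, /usr/sbin/sendmail and the /tmp log path are assumptions; the PATH handling follows perlsec, which requires a known-safe $ENV{PATH} before any external program is run.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as "perl -T file.pl".
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec: under -T no external program may be run until PATH is set to a
# known-safe value, even when the program is named by an absolute path.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted copy only when the WHOLE value matches the pattern.
sub untaint {
    my ($value, $pattern) = @_;
    return undef unless defined $value;
    return $value =~ /\A($pattern)\z/ ? $1 : undef;
}

# Constructed sample input standing in for $q->param(...). Appending a
# zero-length tainted string makes the values tainted like real form data.
my $TAINT = substr("$0$^X", 0, 0);
my %form = (firstName => "Mary-Ann O'Neil" . $TAINT,
            email     => 'mary@example.org' . $TAINT);

# Neither pattern admits a newline, so the values cannot add mail headers.
my $name  = untaint($form{firstName}, qr/[\w \-.',]{1,64}/);
my $email = untaint($form{email}, qr/[\w.+\-]+\@[\w\-]+(?:\.[\w\-]+)+/);
die "rejected form input\n" unless defined $name && defined $email;
printf "firstName tainted before: %d, after: %d\n",
    (tainted($form{firstName}) ? 1 : 0), (tainted($name) ? 1 : 0);

# Append the record. A taint violation is a fatal "Insecure dependency"
# error on STDERR, so check every call and read the server error log.
my $log = '/tmp/quiz-results.txt';    # assumed path
open(my $out, '>>', $log) or die "open $log: $!\n";
print {$out} join("\t", $name, $email), "\n";
close($out) or die "close $log: $!\n";

# Mail is sent only with --send, so a plain run stays offline.
my $sendmail = '/usr/sbin/sendmail';  # assumed location
if (@ARGV && $ARGV[0] eq '--send' && -x $sendmail) {
    # List-form pipe open: no shell parses the arguments.
    open(my $mail, '|-', $sendmail, '-t', '-oi') or die "sendmail: $!\n";
    print {$mail} "To: $email\nSubject: Quiz passed\n\n",
                  "Congratulations, $name.\n";
    close($mail) or die "sendmail failed, status $?\n";
}
```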




