I need help debugging/understanding how this piece of code is working. I have checked values going into and within "cl" and it operates as expected. Where does the "%+" come from?
===================================================
$DataDir="/www/htdocs/";
$template_directory="templates/";
$template_name="main.htm";

results in "%+/www/htdocs/templates/main.htm"

&cl("$DataDir$template_directory$template_name") =~ /(.+)/;
my $temp_file = $1; #keeps nasties from manipulating browser window
======================================
sub cl { #untaints for safe open/system calls
    $ENV{'PATH'} = '';
    my $path = shift(@_);
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g; #remove metas
    $path =~ s/\.+/./g; #remove ../ exploit
    return $path;
}

--
Tom Ransom
mailto:[EMAIL PROTECTED]
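For comparison with the strip-and-capture approach in the message above, this is an added example (not part of the original post) of allowlist untainting, where the file name must match a known-good pattern and is rejected instead of rewritten. The sub names `untaint_template_name` and `template_path` and the allowed file-name pattern are assumptions; the directory values are the ones from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fixed directories, using the values given in the post.
my $DataDir            = '/www/htdocs/';
my $template_directory = 'templates/';

# Hypothetical helper: accept only a bare file name built from known-safe
# characters with a .htm or .html extension. Anything else is rejected
# outright rather than having characters stripped from it.
sub untaint_template_name {
    my ($name) = @_;
    return unless defined $name;
    # \A and \z anchor the whole string, so a trailing newline does not
    # pass the way it would with ^ and $.
    if ($name =~ /\A([A-Za-z0-9][A-Za-z0-9_-]{0,63}\.html?)\z/) {
        return $1;    # under -T, a regex capture is what untaints the value
    }
    return;
}

# Hypothetical helper: only the validated file name is variable; the
# directory part always comes from the fixed configuration above.
sub template_path {
    my ($name) = @_;
    my $safe = untaint_template_name($name);
    return unless defined $safe;
    return $DataDir . $template_directory . $safe;
}

# Constructed sample inputs, not taken from the original post.
my @candidates = ('main.htm', 'page_2.html', '../main.htm', '/etc/passwd',
                  "main.htm\n", 'main.htm;ls', '.htm', '');

for my $candidate (@candidates) {
    my $path = template_path($candidate);
    (my $shown = $candidate) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-16s => %s\n", "'$shown'", defined $path ? $path : 'REJECTED';
}
```

Only the first two inputs produce a path; every other input is rejected because it contains a character or a structure outside the allowed pattern.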