I'm trying to work out how to untaint a path to passed to modules.
eg/stupidly/long/path/here
contains the folders perl and html
I want to be able the get the following ENV var from apache like so:
local our $HTMLPath = $ENV{HTML_TEMPLATE_ROOT};
And pass it to a module so it can be used to create directories/files etc in.
I get the following error (OS X Panther BTW):
Insecure dependency in mkdir while running with -T
obviously I'm not going to turn taint checks off ;) If I set the path explicitly mkdir works fine, but that's not very moduler is it;)
Found this in the perldocs, but I don't understand it:
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$path = $ENV{'PATH'}; # $path now NOT taintedAm I going in the right direction? Can anyone give me a clue as to what the above actually does. I assume the delete function removes those items from ENV, but how does that make it untainted? Makes no sense to me.
Cheers
Angie
