Hi Gary

Thanks for that. Makes sense. Sadly didn't work though:

Here's some sample code:

my $HTML_Path = "";
if ($arg{HTML_Path}) {$HTML_Path = $arg{HTML_Path};}
$HTML_Path =~ s#^(~|../)##;
my $newdir = $HTML_Path . "/usr/" . $un;
mkdir $newdir;  

If I comment the line passing the arg{HTML_Path} and put an explicit path in, it works.
If I get the arg and then test it I still get the "Insecure dependency in mkdir while running with -T" error.


$arg{HTML_Path} is passed from the handler and is set. It's what I'm pasting in to test explicitly.

eg $hlomuser->Create_UserDir(HTML_Path=>$HTMLPath);

The above code is from subroutine Create_UserDir and that part's working just great.
Close, but no cigar ;(


Cheers

Angie


On 15 Apr 2004, at 13:17, Gary Stainburn wrote:


$HTMLPath is tainted because $ENV{HTML_TEMPLATE_ROOT} is tainted.
You need to untaint $HTMLPath by amending it somehow. A common method is to
use a regex to remove 'dodgy' characters, such as ~ and % or '../' which
could be used to jump to another part of your system.


The result would be an untainted $HTMLPath.
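
An added example, not part of the original messages: under -T Perl clears taint only on text extracted through a regex capture ($1 and friends), so an in-place s/// leaves the variable tainted, which matches the error reported above. The helper name untaint_path, the allow-list pattern and the sample paths are assumptions made for illustration.

```perl
# Run as: perl -T untaint_example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper (not from the thread): return an untainted copy of
# $path if it passes a strict allow-list, otherwise return undef.
sub untaint_path {
    my ($path) = @_;
    return unless defined $path;
    # Refuse any '..' component instead of trying to strip it out.
    return if $path =~ m{(?:^|/)\.\.(?:/|\z)};
    # Absolute path built only from letters, digits, '_', '.', '-' and '/'.
    # The captured $1 is the value Perl treats as untainted.
    return $path =~ m{\A(/[A-Za-z0-9_.\-/]+)\z} ? $1 : undef;
}

sub status { return tainted($_[0]) ? 'tainted' : 'untainted' }

# Constructed sample input: $^X is tainted under -T, so appending an empty
# slice of it taints the string, standing in for $ENV{HTML_TEMPLATE_ROOT}.
my $taint     = substr($^X, 0, 0);
my $HTML_Path = '/srv/www/htdocs' . $taint;
print "as received:       ", status($HTML_Path), "\n";

# The approach from the message above: substitution edits the string in
# place, but the result still derives from tainted data.
(my $stripped = $HTML_Path) =~ s#^(~|\.\./)##;
print "after s###:        ", status($stripped), "\n";

# Validate against the allow-list and keep only the captured text.
my $clean = untaint_path($HTML_Path);
die "HTML_Path rejected\n" unless defined $clean;
print "after capture:     ", status($clean), "\n";

# Every piece of the final path must be untainted, the user name included.
my $un = 'angie';                      # constructed, literal so untainted
my $newdir = "$clean/usr/$un";
print "newdir for mkdir:  ", status($newdir), " ($newdir)\n";

# A traversal attempt is rejected outright rather than repaired.
my $bad = '/srv/www/../../etc' . $taint;
print "traversal input:   ",
    (defined untaint_path($bad) ? 'accepted' : 'rejected'), "\n";
```

If the user name also arrives from outside the program, it needs its own allow-list capture before it is joined into the path.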



