Re: Taint mode CGI problem

2011-11-12 Thread 'lesleyb'
On Sat, Nov 12, 2011 at 08:24:52AM -0300, Tessio Fechine wrote: > But why the same code works fine at command line? That's what bothers me > most. > And.. there is no code duplication. search.pl is a normal script that I use > at command line. I just want to output the result in a web page. > > Th

Re: Taint mode CGI problem

2011-11-12 Thread Tessio Fechine
But why the same code works fine at command line? That's what bothers me most. And.. there is no code duplication. search.pl is a normal script that I use at command line. I just want to output the result in a web page. Thanks! 2011/11/12 Peter Scott > On Fri, 11 Nov 2011 19:08:18 -0300, Tessio

Re: Taint mode CGI problem

2011-11-11 Thread Peter Scott
On Fri, 11 Nov 2011 19:08:18 -0300, Tessio Fechine wrote: > #!/usr/bin/perl -T -w > > use strict; > use CGI; > > $ENV{PATH} = '/var/www/cgi-bin/'; > my $exec = 'search.pl'; > > > my $c = CGI->new(); > print $c->header(), $c->start_html(-title => "It's alive!\n"), "\n"; > > my $search = $c->par

Re: Taint mode & user supplied file names

2009-08-26 Thread Tim Bowden
On Wed, 2009-08-26 at 14:48 -0700, Mark Wagner wrote: > On Mon, Aug 24, 2009 at 06:06, Tim Bowden wrote: > > On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote: > > > > >> In your case where you run the script from a command line you will still > >> want to make sure that a user is not for instan

Re: Taint mode & user supplied file names

2009-08-26 Thread Mark Wagner
On Mon, Aug 24, 2009 at 06:06, Tim Bowden wrote: > On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote: > >> In your case where you run the script from a command line you will still >> want to make sure that a user is not for instance printing a socket or some >> part of the memory. > > The -f tes

Re: Taint mode & user supplied file names

2009-08-24 Thread Tim Bowden
On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote: > On Mon, Aug 24, 2009 at 2:17 PM, Tim Bowden wrote: > > > #!/usr/bin/perl -wT > > use strict; > > > > my $filename = shift @ARGV; > > > > if (-f $filename){ > > open OUT, "> $filename.new" or die "can't open $filename.new: $!"; > > print OUT "

Re: Taint mode & user supplied file names

2009-08-24 Thread Rob Coops
On Mon, Aug 24, 2009 at 2:17 PM, Tim Bowden wrote: > #!/usr/bin/perl -wT > use strict; > > my $filename = shift @ARGV; > > if (-f $filename){ > open OUT, "> $filename.new" or die "can't open $filename.new: $!"; > print OUT "are we safe?\n"; > close OUT; > } > > This dies with "Insecure dependen

Re: Taint mode and SQL

2006-03-25 Thread Tom Phoenix
On 3/25/06, Tom Allison <[EMAIL PROTECTED]> wrote: > I would have expected this to require me to do something to untaint the > value in $username. Think of taint checking as a big safety net with holes in it. It's better than no net at all, but it's not perfect safety. > Doesn't this lead to SQL

Re: Taint mode and SQL

2006-03-25 Thread Chris Charley
- Original Message - From: "Tom Allison" <[EMAIL PROTECTED]> Newsgroups: perl.beginners To: "beginners perl" Sent: Saturday, March 25, 2006 1:33 PM Subject: Taint mode and SQL I was looking at some code of mine and it seems that there is a potential for a problem here that I wasn't

Re: Taint mode question

2005-12-09 Thread Jay Savage
On 12/9/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Setup: Perl 5.8, WinXP > > I have created the code below to test Taint mode. The testapp.exe > program is actually the standard windows "attrib.exe" but renamed and > placed in my CWD. The program as it is below works as expected, however i

Re: Taint mode in Windows (U)

2004-09-17 Thread Gunnar Hjalmarsson
Keith wrote: I seem to recall that the shebang line is generally ignored in Windows, Even if the path to perl is, the flags are not. (Disclaimer: There may be exceptions...) Now, if that is so, is there a way to turn on taint ( -T at end of shebang line) for perl scripts in Windows Yes: The -T fl

Re: taint mode for cgi script

2003-09-02 Thread Vic
Bob Showalter wrote: Jenda Krynicky wrote: From: "Bob Showalter" <[EMAIL PROTECTED]> Vic wrote: I wanna ask when running Apache 2.046 under Windows XP with mod_cgi, how can I turn on the taint mode for the Perl interpreter? (i guess the shebang line won't work since windows nvr look at them anywa

Re: taint mode for cgi script

2003-09-01 Thread Bob Showalter
Jenda Krynicky wrote: > From: "Bob Showalter" <[EMAIL PROTECTED]> > > Vic wrote: > > > I wanna ask when running Apache 2.046 under Windows XP with > > > mod_cgi, how can I turn on the taint mode for the Perl > > > interpreter? (i guess the shebang line won't work since windows > > > nvr look at them

Re: taint mode for cgi script

2003-09-01 Thread Jenda Krynicky
From: "Bob Showalter" <[EMAIL PROTECTED]> > Vic wrote: > > I wanna ask when running Apache 2.046 under Windows XP with mod_cgi, > > how can I turn on the taint mode for the Perl interpreter? (i guess > > the shebang line won't work since windows nvr look at them anyway.) > > No. Perl will parse the

Re: taint mode for cgi script

2003-09-01 Thread Bob Showalter
Vic wrote: > Hi. > I am new to perl so hope u won't flame me for asking sth stupid =) What does "sth" mean? > > I wanna ask when running Apache 2.046 under Windows XP with mod_cgi, > how can I turn on the taint mode for the Perl interpreter? > (i guess the shebang line won't work since windows nvr

Re: Taint mode

2001-05-27 Thread Kevin Meltzer
Hi Kurt, You need to do: perl -Tc file.cgi What is happening is that when perl inspects your #! line switches, it sees -T and tries to put on taint mode, but it is too late to taint things by that time. This is the explanation in perldiag: Too late for -T option (X) T

Re: Taint mode

2001-05-27 Thread Dan Brown
Kurt Edmiston wrote: > > Hi, I'm trying to use taint mode on one of my cgi programs using the -T flag. > > #!/usr/local/bin/perl -wT > > When I check the syntax with "perl -c file.cgi" I get the following message: > > Too late for "-T" option at manager.cgi line 1. Try perl -cT manager.