Angie Ahl wrote:
> Hi Gary
>
> That was it. so using the result of a regex test gets around it..
> That's a wise practice.
You should read over "perldoc perlsec". It explains how this works:
"The only way to bypass the tainting mechanism is by referencing
subpatterns from a regular expres
Hi Gary
That was it. so using the result of a regex test gets around it..
That's a wise practice.
I new perl was being mean just for fun. that *so* not perl
Thank you so much.
Angie
Okay Angie,
try this one, taken from the docs. It works because I'm setting $PATH
to an
absolute value inst
Okay Angie,
try this one, taken from the docs. It works because I'm setting $PATH to an
absolute value instead of updating it. You may want to play with the regex to
improve it, but this basic test worked.
#!/usr/bin/perl -Tw
my $PATH=$ENV{'MYPATH'};
print "PATH=$PATH\n";
if ($PATH=~/^([-\/\
Hi Gary
thanks for that. Makes sense. Sadly didn't work though:
Here's some sample code:
my $HTML_Path = "";
if ($arg{HTML_Path}) {$HTML_Path = $arg{HTML_Path};}
$HTML_Path =~ s#^(~|../)##;
my $newdir = $HTML_Path . "/usr/" . $un;
mkdir $newdir;
If I comment the line passing the arg{HTML_Path}
Hi Angie,
it's a while since I've looked at this, so no warranty.
On Thursday 15 Apr 2004 12:55 pm, Angie Ahl wrote:
> Hi everyone.
>
> I'm trying to work out how to untaint a path to passed to modules.
>
> eg/stupidly/long/path/here
>
> contains the folders perl and html
>
> I want to be able th
Hi everyone.
I'm trying to work out how to untaint a path to passed to modules.
eg/stupidly/long/path/here
contains the folders perl and html
I want to be able the get the following ENV var from apache like so:
local our $HTMLPath = $ENV{HTML_TEMPLATE_ROOT};
And pass it to a module so it can
