> "Clinton" == Clinton Gormley <[EMAIL PROTECTED] > writes:
>> $fp =~ /(.*)/;
Clinton> This doesn't untaint $fp.
Clinton> instead, you could do this:
Clinton> ( $fp )=( $fp =~ /(.*)/ );
Don't forget the /s. Remember, Unix paths can contain newline.
--
Randal L. Schwartz - Stonehenge Co
d, you need to assign the result
> of a regex capture to the variable, not just do a regex check
>
> Clint
>
>
>
--
View this message in context:
http://www.nabble.com/Insecure-dependency-in-unlink-while-running-with--T-switch-tf4045039.html#a11490823
Sent from the mod_perl - General mailing list archive at Nabble.com.
> $fp =~ /(.*)/;
This doesn't untaint $fp.
instead, you could do this:
( $fp )=( $fp =~ /(.*)/ );
To untaint a variable using this method, you need to assign the result
of a regex capture to the variable, not just do a regex check
Clint
by using a cron job. If
anyone has any ideas, though, I'd love to hear them.
--
View this message in context:
http://www.nabble.com/Insecure-dependency-in-unlink-while-running-with--T-switch-tf4045039.html#a11490226
Sent from the mod_perl - General mailing list archive at Nabble.com.
