On Jun 5, Mark Ross said:
>I'm very confused on how to use taint for my cgi scripts.
>
>"Too late for "-T" option at w:\cgi-bin\admin\tainttest.pl line 1."
The first place to find explanations for error messages is in the perldiag
documentation. You can even embed an automatic look-up feature by
including:
use diagnostics;
in your code. Looking through the docs, we see:
Too late for "-T" option
(X) The #! line (or local equivalent) in a Perl script
contains the -T option, but Perl was not invoked with -T
in its command line. This is an error because, by the
time Perl discovers a -T in a script, it's too late to
properly taint everything from the environment. So Perl
gives up.
If the Perl script is being executed as a command using
the #! mechanism (or its local equivalent), this error
can usually be fixed by editing the #! line so that the
-T option is a part of Perl's first argument: e.g.
change perl -n -T to perl -T -n.
> If the Perl script is being executed as perl scriptname,
> then the -T option must appear on the command line: perl
> -T scriptname.
That last paragraph is of interest to you, I think.
As far as HOW tainting is used, it demands you check and validate any
outside information (environment variables, arguments, CGI query data,
etc.) before using it in a potentially harmful situation.
--
Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/
Eruséro Marillion -- wielder of Ringril, known as Hesinaur, the Winter-Sun
Are you a Monk? http://www.perlmonks.com/ http://forums.perlguru.com/
Perl Programmer at RiskMetrics Group, Inc. http://www.riskmetrics.com/
Acacia Fraternity, Rensselaer Chapter. Brother #734
** Manning Publications, Co, is publishing my Perl Regex book **