Hi Jordi,
Jordi Moles Blanco wrote:
1. how can i "untain" that var?
2. can i modify the way that snmp works to disable that "-T" flag when
it passes the control to the perl script?
i've tried to untain the var with any means i've found, like this one:
*********
$path =~ s/;//g;
*********
but none has worked so far.
do you have any ideas?
I can't answer your second question, but as for your first question,
take a look at web sites such as:
http://www.webreference.com/programming/perl/taint/
As it says, you need to clean tainted data by running a regular
expression over it and *then* selecting some part of it using a
sub-pattern ($1, $2, ...).
For example, you could do:
if ($path =~ /^(.*)$/) {
$path = $1;
}
else {
## Well, this won't happen
}
however, you are (a) losing all the benefits of tainting and worse of
all, (b) may be giving someone else reading your code a false sense of
security...they think tainted is turned on and that everything is being
checked.
You might want to at least check if it is an absolute path, any ..'s in
it, or if the path is within some part of the directory structure which
you accept.
Hope this helps!
Ray
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
