Raymond Wan wrote:
Hi Jordi,
Jordi Moles Blanco wrote:
1. How can I "untaint" that var?
2. Can I modify the way that snmp works to disable that "-T" flag
when it passes the control to the perl script?
I've tried to untaint the var with any means I've found, like this one:
*********
$path =~ s/;//g;
*********
But none has worked so far.
Do you have any ideas?
I can't answer your second question, but as for your first question,
take a look at web sites such as:
http://www.webreference.com/programming/perl/taint/
As it says, you need to clean tainted data by running a regular
expression over it and *then* selecting some part of it using a
sub-pattern ($1, $2, ...).
For example, you could do:
if ($path =~ /^(.*)$/) {
    $path = $1;
}
else {
    ## Well, this won't happen
}
However, you are (a) losing all the benefits of tainting and, worst of
all, (b) may be giving someone else reading your code a false sense of
security... they think tainting is turned on and that everything is
being checked.
You might want to at least check if it is an absolute path, if there are
any ..'s in it, or if the path is within some part of the directory
structure which you accept.
Hope this helps!
Ray
Thanks a lot for that info, that was all I needed :)
I was doing the first part, but not the $path=$1 step.
Now it's working like a charm :)
Thanks.
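
Added example, not part of the original thread and not either poster's code: a Perl sketch of the checks suggested above (absolute path, no ".." components, inside an accepted directory) performed before the captured $1 is kept. The base directory /var/lib/snmp-scripts, the helper name untaint_path and the sample paths are assumptions made up for illustration.

```perl
#!/usr/bin/perl -T
# Added example: untaint a path only after it passes real checks.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: the one directory tree this script accepts paths from.
my $BASE = '/var/lib/snmp-scripts';

# Returns an untainted copy of $path if every check passes, else nothing.
sub untaint_path {
    my ($path) = @_;
    return unless defined $path;
    # Allow-list: absolute path made of safe characters only. \z rather
    # than $ so that a trailing newline does not slip through.
    return unless $path =~ m{\A(/[A-Za-z0-9._/-]+)\z};
    my $clean = $1;    # a capture from a successful match is untainted
    # Reject empty, "." and ".." components.
    for my $part (split m{/}, substr($clean, 1), -1) {
        return if $part eq '' || $part eq '.' || $part eq '..';
    }
    # The path must sit below the accepted base directory.
    return unless index($clean, "$BASE/") == 0;
    return $clean;
}

# Constructed sample inputs. Appending a zero-length tainted string marks
# each one tainted, as data arriving from outside the script would be.
my $TAINT = substr(join('', $^X, %ENV), 0, 0);
my @samples = (
    '/var/lib/snmp-scripts/check_disk.sh',
    '/var/lib/snmp-scripts/../../etc/passwd',
    '/var/lib/snmp-scripts/check.sh;id',
    'relative/check.sh',
    '/tmp/check.sh',
);
for my $raw (@samples) {
    my $in  = $raw . $TAINT;
    my $out = untaint_path($in);
    my $res = defined $out
        ? 'accepted, tainted=' . (tainted($out) ? 1 : 0)
        : 'rejected';
    printf "%-40s tainted=%d -> %s\n", $raw, tainted($in) ? 1 : 0, $res;
}
```

Run it with perl -T so taint mode is active. Only the first sample passes all three checks; the others are rejected instead of being untainted.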