"Sergei A. Golubchik" wrote: > > The fix is obvious. But the rule of the thumb is "do not use magic perl open". > At least in cgi scripts. If you want to open regular file, sysopen does > the trick as well. Isn't open(FH, "< $variable") sufficient to stop any embedded |'s, etc from doing anything harmful, as well? - Bill
- perl-cgi hole in UltimateBB by Infopop Corp. Sergei A. Golubchik
- Re: perl-cgi hole in UltimateBB by Infopop Corp. H D Moore
- Re: perl-cgi hole in UltimateBB by Infopop Co... Charles Capps
- Re: perl-cgi hole in UltimateBB by Infopop Co... Michael Wood
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill
- Re: perl-cgi hole in UltimateBB by Infopop Co... Andrew Danforth
- Re: perl-cgi hole in UltimateBB by Infopo... Bill McKinnon
- Re: perl-cgi hole in UltimateBB by In... Brock Sides
- Re: perl-cgi hole in UltimateBB ... Brock Sides
- Re: perl-cgi hole in Ultimat... Bennett Todd
- Re: perl-cgi hole in UltimateBB ... Dennis Taylor
- Re: perl-cgi hole in UltimateBB by In... Randal L. Schwartz
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Kevin Hillabolt
- Re: perl-cgi hole in UltimateBB by Infopop Co... Jordan Ritter
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Irwin Lazar
