>I have this problem: when I use the $fdat variable as part of a filename, I
>get this error:
>[28024]ERR: 24: Line 1: Error in Perl code: Insecure dependency in open while running with -T switch at /home/www/ceska-media/content_management/fdat.html line 13.

That's the sense of Perl tainting, it tells you you shouldn't do that:


>$path.=$fdat{id};
>
>$path.='.jpg';
>open FILE, "> $path" or die;

What happens if anybody submits a ../../ etc. as id? In that case the
picture will get written to the wrong location, maybe somebody will be able
to overwrite something...

Never use submitted values directly in a file path, always validate them
with a regex. The regex will also remove tainting from the value. See man
perlfaq for more info about tainting.

Gerald



-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     [EMAIL PROTECTED]         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------
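
An added example, not part of the original message and not Gerald's or Embperl's own code: one way to validate the submitted id with a regex before it reaches the file path. The target directory, the allowed-character rule and the function names clean_id and save_image are assumptions made for illustration.

```perl
# Run with taint checks on: perl -T validate_id.pl
use strict;
use warnings;

# Assumptions made for this example (not from the thread): the target
# directory, and the rule that an id is 1-32 letters, digits, '_' or '-'.
my $IMAGE_DIR = '/var/www/images';

# Return the validated id, or undef when the submitted value is rejected.
# Only the regex capture ($1) is untainted; the raw value stays tainted.
sub clean_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string; \z (unlike $) also rejects a
    # trailing newline. No '/', '.' or NUL can match, so "../../" cannot.
    return $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# Write $data to "$IMAGE_DIR/<id>.jpg"; dies on a bad id or a failed open.
sub save_image {
    my ($raw, $data) = @_;
    my $id = clean_id($raw);
    die "invalid id\n" unless defined $id;
    my $path = "$IMAGE_DIR/$id.jpg";
    # Three-argument open keeps the mode out of the file name string.
    open(my $fh, '>', $path) or die "cannot write $path: $!\n";
    binmode $fh;
    print {$fh} $data;
    close $fh or die "cannot close $path: $!\n";
    return $path;
}

# Constructed sample values standing in for $fdat{id}; only the
# validation step is exercised here, nothing is written.
for my $submitted ('1234', 'cat_01', '../../etc/passwd', "12\n", '', 'a/b') {
    (my $shown = $submitted) =~ s/\n/\\n/g;
    my $id = clean_id($submitted);
    print defined $id ? "accept '$shown'\n" : "reject '$shown'\n";
}
```

The explicit character class is used instead of \w because under `use locale` a \w match does not untaint its captures.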



