Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- de-taint doesn't work after upgrading perl
January 8, 2005, 7:49 pm
rate this thread
- Gunnar Hjalmarsson
January 9, 2005, 5:06 am
Re: de-taint doesn't work after upgrading perl
> In a cgi script I'm detainting an input variable as
> $FORM =~ tr/A-Z//cd;
> and then passing it to a system call as
> system "proggy",$FORM;
> It was working in old perl 5.6 but doesn't in 5.8.
> Perl complains about "Insecure dependency".
> How should it be detainted now?
Didn't know the above ever was an allowed way to untaint. This is an
equivalent that does untaint:
$FORM = join '', $FORM =~ /[A-Z]/g;
Please also study