PerlMonks
Yet Another Variable Expansion Problem
by strfry() (Monk) on Apr 12, 2002 at 19:40 UTC ( [id://158651]=perlquestion )
strfry() has asked for the wisdom of the Perl Monks concerning the following question:
Hi all. Yes, as the title states, here's another variable expansion plea. You see, a friend of mine has a hand-rolled template parser, and won't accept my advice to check CPAN and use one of the undoubtedly better tested versions. So I figure I'm going to give him a list of examples of why his hand-rolled system is insecure. A little scare tactic to spread the word, if you will. (:

I was wondering if you, as the perlmonks.org userbase, could give me a few examples of your own, as to why the following code is insecure - the more disturbing, the better:

file.txt is filled with 'variables' that look like [$this] - I've already found that I can call lots of perlvar ($0, $ENV{HOME}) from it, as well as such niceties as [${system'ls'}] etc.

Please note that I'm disregarding the lack of use strict and -w, as I can only fight one battle at a time. ):

Can anyone find anything else insecure about it?

Thanks,
strfry()
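The expansion the post describes, done by hash lookup rather than by evaluating template text, as an added example that is not part of the original post and is not the friend's parser (whose code does not appear on this page). The sub name `expand_template`, the `%vars` allowlist and the sample template are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not the code from the post): expand [$name] placeholders by
# hash lookup only, so nothing read from the template is evaluated as Perl.
use strict;
use warnings;

# Assumed allowlist of template variables; names and values are constructed.
my %vars = (
    user  => 'alice',
    title => 'Status report',
);

# expand_template($text, \%vars) returns ($output, \@rejected).
# A placeholder is [$identifier] where identifier is a key of %$vars.
# Any other [$...] form is left in the output verbatim and reported.
sub expand_template {
    my ($text, $vars) = @_;
    my @rejected;
    $text =~ s{\[\$([^\]]*)\]}{
        my $name = $1;    # copy before the inner match resets $1
        my $ok = $name =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ && exists $vars->{$name};
        push @rejected, $name unless $ok;
        $ok ? $vars->{$name} : '[$' . $name . ']';
    }gex;
    return ($text, \@rejected);
}

# Constructed sample input, including the placeholder forms named in the post.
my $template = join "\n",
    'Hello [$user], here is "[$title]".',
    'Script: [$0]',
    'Home: [$ENV{HOME}]',
    q{Listing: [${system'ls'}]},
    '';

my ($out, $rejected) = expand_template($template, \%vars);
print $out;
print STDERR "rejected placeholder: $_\n" for @$rejected;
```

Only the first line of the sample is expanded; the `$0`, `$ENV{HOME}` and `${system'ls'}` forms pass through as literal text and are listed on STDERR, which gives a log line to alert on when a template file has been tampered with.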