PerlMonks  

Re: Taint problem opening file to write

by Necos (Friar)
on Apr 30, 2002 at 12:41 UTC


in reply to Taint problem opening file to write

From what I gather, your tainting is not from the filename (because you SEEM to have untainted it). However, you should be very wary of this:

open(FILE,">$file"); vs. open(FILE,"> $file");

The first one (if untainted properly) will make sure there are no leading spaces in the filename. The second may or may not work how you suspect, and just MIGHT be the cause of the problem. I don't think I've read any book that uses open(F,"> $file");.

Looking at your code a third time, I noticed that you don't bother to look for leading or trailing spaces (regex \s) in $file_out. So, let's just eliminate part of that problem with a: $file_out =~ s/^\s+|\s+$//g;.

Hope that helps some...

Theodore Charles III
Network Administrator
Los Angeles Senior High
4650 W. Olympic Blvd.
Los Angeles, CA 90019
323-937-3210 ext. 224
email->secon_kun@hotmail.com
perl -e "map{print++$_}split//,Mdbnr;"

Replies are listed 'Best First'.
(jeffa) Re: Taint problem opening file to write
by jeffa (Bishop) on Apr 30, 2002 at 14:26 UTC
    Here is where I recommend the 3-arg form of open. From the docs:

    Use 3-argument form to open a file with arbitrary weird characters in it,

        open(FILE, '<', $file);

    otherwise it's necessary to protect any leading and trailing whitespace:

        $file =~ s#^(\s)#./$1#;
        open(FOO, "< $file\0");

    jeffa

    L-LL-L--L-LL-L--L-LL-L--
    -R--R-RR-R--R-RR-R--R-RR
    B--B--B--B--B--B--B--B--
    H---H---H---H---H---H---
    (the triplet paradiddle with high-hat)
    
Re: Re: Taint problem opening file to write
by derby (Abbot) on Apr 30, 2002 at 14:37 UTC
    Necos,

    from my version of the open documentation (perl 5.6.1) but not the online monks version of the open doc -

    In the 2-arguments (and 1-argument) form of the call the mode and filename should be concatenated (in this order), possibly separated by spaces.

    so you can separate the mode from the filename by a space (and the code in doio.c backs that up) but you're right, it's not idiomatic.

    -derby
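
The difference the replies above describe, as an added example (not code from any poster in this thread): the 2-arg form trims whitespace around the file name, the 3-arg form uses the name exactly as given, and an allowlist regex untaints only plain names. The helper names and the sample file names are assumptions made up for this illustration.

```perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Work in a scratch directory so the demo leaves nothing behind.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Hypothetical helper: allowlist check that also untaints under -T, because
# the returned value comes from a regex capture. undef means "not a plain name".
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# 2-arg form: mode, a separating space and the name travel in one string,
# and Perl trims leading and trailing whitespace around the name.
sub write_two_arg {
    my ($name, $text) = @_;
    open(my $fh, "> $name") or die "2-arg open '$name': $!";
    print {$fh} $text;
    close $fh or die "close: $!";
}

# 3-arg form: the mode is separate, so the name is used byte for byte.
sub write_three_arg {
    my ($name, $text) = @_;
    open(my $fh, '>', $name) or die "3-arg open '$name': $!";
    print {$fh} $text;
    close $fh or die "close: $!";
}

my $padded = "  out.txt ";    # constructed sample input with padding
write_two_arg($padded, "two-arg\n");
write_three_arg($padded, "three-arg\n");

# List what was really created; brackets make the whitespace visible.
opendir(my $dh, '.') or die "opendir: $!";
printf "created: [%s]\n", $_ for sort grep { !/\A\.\.?\z/ } readdir $dh;
closedir $dh;

# The allowlist refuses padded or path-like names instead of silently fixing them.
for my $candidate ($padded, "out.txt", "../out.txt") {
    my $clean = untaint_name($candidate);
    printf "%-14s => %s\n", "[$candidate]", defined $clean ? "accepted as [$clean]" : "rejected";
}
chdir $start or die "chdir $start: $!";
```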
