See Sanitizing user-provided path/filenames for something I occasionally recommend to sanitize user-provided pathnames. Before that, I recommend using a token system of some kind. Let the user pick which template they want to use, but don't let their input be a path/filename. Let it be something your script sees and maps to a path/filename.
One of the surest ways you can avoid shell metacharacter problems is simply not to use a function that passes them via a shell. Use sysopen instead of open, for example. Also see Avoiding surprises using 'open' for working around unexpected bits of input using Perl's normal open function.
Another common solution is simply to restrict what people can specify in filenames:
tr/A-Za-z_.-//dc;
| [reply] [d/l] |
tr/A-Za-z_.-//dc;
s/^\.+$//;
to make sure the user doesn't enter a string containing only dots. | [reply] [d/l] |
In situations like this, I always see if I can throw a
buffer in between the user and the file system. From
the information you provided, it sounds like these email
templates already exist - so in your script, first read
the directory containing the templates and record their
names into a hash, with each value given a key such as
the name of the file minus the extension (only works
if they have the same extension, BTW).
Give the user the names of the keys(the aliases)
, not the values (the actual file name).
Now you have created a buffer - instead of allowing the
user to directly specify a file, and potentially put some
nasty shell code in with it, they can only specify the
alias of the file. The actually path is retrieved from
the hash when the time comes to open the file.
This is just another way - it's a bit of over-kill, but it
does work.
Jeff
L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
F--F--F--F--F--F--F--F--
(the triplet paradiddle)
| [reply] |
The token/alias methods mentioned above are probably the best way to go, but I gotta ask:
You're using taint checking, right?
That's because you've read perlsec, right? ;}
It may seem obvious, but since -T wasn't mentioned, I just wanted to make sure.
| [reply] |