Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re: Second hack at Secure Mailer

by Masem (Monsignor)
on Feb 15, 2001 at 03:38 UTC ( #58497=note: print w/replies, xml ) Need Help??

in reply to Second hack at Secure Mailer

The only thing that gets me is the starting point, namely this template file. The fact that you're getting the name of the file directly from the CGI QUERY_STRING, even with all the various s/// operators in there, can still *possibly* leave you open for the "; rm -rf /" attacks. You may have that fixed, but for some reason that concerns me.

Here's my suggestion: Since this appears to be selecting a template file from a limited number of choices, how about creating a hash that maps a template keyword to the actual filename that you use, so that the open call will only see a filename that *you* specify and doesn't at all come from the CGI query. The only major check you'll need is to add a default option if the template keyword parameter is not in your hash, but this is trivial. eg:

my %template_hash = ( default => "www/default.tmp", detailed => "www/detail.tmp", brief => "www/brief.tmp" ); # $temp still gotten as before, could also be cgi->param my $template_file = ( defined $template_hash{ $temp } ) ? $template_hash{ $temp } : $template_hash{ 'default' }; # Continue on as above.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://58497]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (7)
As of 2022-11-30 23:06 GMT
Find Nodes?
    Voting Booth?