Re^4: One true regexp for untainting windows filenames?
by jaldhar (Vicar) on Jan 09, 2009 at 19:42 UTC ( [id://735283]=note )
To make them safe for what? For most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

Safe to use in qx//; in taint mode.

Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use and they need to be untainted to prevent the 'insecure dependency' error.

I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really be buying me anything here without additional checking. Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

--
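Added example, not part of jaldhar's post or of any module mentioned in the thread: one way to do the "additional checking" before the taint flag is dropped, so that untainting follows validation instead of replacing it. The base directory, the extension list, the tool path and the `checked_path` helper are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example. Run with: perl -T check_name.pl [names...]
use strict;
use warnings;
use Scalar::Util qw(tainted);

$ENV{PATH} = q{};                            # as in the post: no PATH lookups
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed policy (not from the thread): bare names in one fixed directory.
my $BASE_DIR = 'C:/data/incoming';
my $TOOL     = 'C:/Windows/System32/findstr.exe';   # assumed tool, full path
my %RESERVED = map { $_ => 1 } qw(CON PRN AUX NUL),
    map { ("COM$_", "LPT$_") } 1 .. 9;

# Returns an untainted full path, or nothing if the name fails the policy.
sub checked_path {
    my ($name) = @_;
    return unless defined $name;
    # Allowlist, anchored with \A and \z: no separators, no drive letter,
    # no ':' (alternate data streams), no spaces or shell metacharacters.
    my ($stem, $ext) =
        $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_-]{0,63})\.(txt|csv|log)\z/
        or return;
    return if $RESERVED{ uc $stem };         # DOS device names, e.g. NUL.txt
    return "$BASE_DIR/$stem.$ext";           # built from captures only
}

# Constructed sample inputs, used when no arguments are given.
my @names = @ARGV ? @ARGV
    : ('report.txt', '..\\..\\boot.ini', 'NUL.txt', 'a.txt & del x', 'n.txt:ads');

for my $name (@names) {
    my $path = checked_path($name);
    printf "%-16s tainted=%d => %s\n", $name, tainted($name) ? 1 : 0,
        defined $path ? $path : 'REJECTED';
    next unless defined $path && -x $TOOL && -f $path;
    # List form: no shell parses the arguments, unlike qx// with a string.
    system { $TOOL } $TOOL, '/c:ERROR', $path;
}
```

Names passed on the command line arrive tainted under -T, while the path returned by `checked_path` is untainted only because every part of it comes from a capture group of the anchored allowlist pattern.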