in reply to Re: CGI Filenames and decode_entities
in thread CGI Filenames and decode_entities
If called in void context the arguments are decoded in-place.
So the solution is to not call in void context:

    $filename = decode_entities($filename);

As a side note, if you are migrating or securing an old script, you should take a read through perltaint. It'll help you protect yourself from classic exploits.
#11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.
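The two points in the reply above, combined in an added example that is not part of the original post: decode_entities is called in non-void context, and the decoded name is then untainted with an allow-list regex as perltaint describes. The helper name safe_upload_name, the allowed character set and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;
use HTML::Entities qw(decode_entities);

# Run with `perl -T` so that CGI input stays tainted until it passes the
# regex below.

# Hypothetical helper (not from the thread): returns an untainted bare
# file name, or undef if the client-supplied name is not acceptable.
sub safe_upload_name {
    my ($raw) = @_;
    return unless defined $raw && length $raw;

    # Non-void context: the decoded string is returned, $raw is untouched.
    my $name = decode_entities($raw);

    # Validate only after decoding; entities can stand in for '/', '\', '.'.
    $name =~ s{.*[/\\]}{}s;    # drop any client-side directory part

    # Allow-list match; the capture is what untaints the value under -T.
    # The first character may not be a dot, so '..' and dotfiles are refused.
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9._-]{0,63})\z/) {
        return $1;
    }
    return;
}

# Constructed sample inputs, not taken from the thread.
for my $raw ('report&#95;2024.txt', 'C:\\docs\\caf&eacute;.txt',
             '&#46;&#46;&#47;notes.txt', '&#46;htaccess') {
    my $safe = safe_upload_name($raw);
    printf "%-28s => %s\n", $raw, defined $safe ? $safe : '(rejected)';
}
```

HTML::Entities is not a core module; it ships with the HTML-Parser distribution.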