in reply to Controlling Inputted Paths in a CGI Script

I've done the obvious of obliterating any "..", but I know that there are many more ways to bypass this.

You could:

  1. Save the current directory
  2. chdir() to the directory in question
  3. get the new current directory
  4. chdir() back to the saved directory
  5. return the "new current directory" from step 3
solving at least one problem.

From that point, you may have to brute-force search the resulting pathname (e.g., split() on '/', examine each component, etc.)

Perhaps not that helpful ... sorry.

dmm


You can give a man a fish and feed him for a day ...
Or, you can teach him to fish and feed him for a lifetime
  • Comment on Re: Controlling Inputted Paths in a CGI Script

In Section Seekers of Perl Wisdom