in reply to Re: Re: Using perl to call a shell command?
in thread Using perl to call a shell command?

Wow! I am lost already. What I am after most specifically is to have a web page with an entry blank for a specified IP address entry. When the user submits the request, the page instructs the system to run a command with the IP address inserted into the command on the system. This command can be assigned the proper UID credentials and is also something I would normally run from the command line as a regular user. I will be calling nmap from the web page. Your lofty assistance is appreciated.

Re: Re: Re: Re: Using perl to call a shell command?
by data64 (Chaplain) on Mar 10, 2003 at 16:37 UTC

    You might have already thought about this, but if you are accepting input from a webpage and using that to run a shell command, you should make sure you have sanitized the input and removed any nasties that could potentially be sent in. There is more information at Cross Scripting Vulnerability and in perlsec.

    Also, if you are using system, make sure you pass in the arguments to the shell command as a separate list (second form of calling system) rather than building up a string with the command and argument and handing that to system.

    Cheers, data64


    Just a tongue-tied, twisted, earth-bound misfit. -- Pink Floyd

Re: Re: Re: Re: Using perl to call a shell command?
by MarkM (Curate) on Mar 11, 2003 at 19:21 UTC

    If you plan on inserting the output of the command directly into your HTML, just use system(). If the command has output and you do not want the output to be inserted into the HTML, you are going to have to redirect or intercept the output.

    The simplest way to redirect the output on UNIX using system() is to append ">/dev/null" (to throw away stdout) or ">/path/to/logfile" (to keep stdout in a logfile). On WIN32 the same can be accomplished using ">NUL" and ">c:\\path\\to\\logfile". For example:

    system("echo hello >/dev/null");

    To intercept the output use ``:

    my $output = `echo hello`;
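
An added example, not code from anyone in the thread, that applies both replies to the nmap-from-a-web-form case: the submitted value is accepted only if it is a dotted-quad IPv4 address, nmap is started through a list-form piped open so no shell ever parses the value, and the captured output is HTML-escaped before display. The nmap path, the `-sT` argument and the sub names are assumptions.

```perl
#!/usr/bin/perl
# Added example. Run as: perl -T scan.pl [ip]   (-T turns on taint mode, see perlsec)
use strict;
use warnings;
my $NMAP      = '/usr/bin/nmap';   # assumption: nmap's location on this host
my @NMAP_ARGS = ('-sT');           # assumption: unprivileged TCP connect scan

# Taint mode will not exec with an inherited PATH, so pin the environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Whitelist: return the normalized, untainted dotted-quad address, or nothing.
sub valid_ipv4 {
    my ($input) = @_;
    return unless defined $input;
    my @octets = $input =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return;
    return if grep { $_ > 255 } @octets;
    return join '.', map { $_ + 0 } @octets;
}

# Run nmap with no shell involved and capture its output.
sub scan_host {
    my ($ip) = @_;
    # List form: every element is passed as one argv entry, nothing is parsed.
    open(my $fh, '-|', $NMAP, @NMAP_ARGS, $ip) or die "cannot run $NMAP: $!\n";
    my $out = do { local $/; <$fh> };
    close $fh or warn "nmap exited with status $?\n";
    return $out;
}

# Escape command output before it is placed in an HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

if (@ARGV) {
    my $ip = valid_ipv4($ARGV[0]) or die "not an IPv4 address\n";
    print "<pre>", html_escape(scan_host($ip)), "</pre>\n";
} else {
    # Constructed sample inputs; only the first passes (\z rejects the newline).
    for my $raw ('192.0.2.10', '192.0.2.10; echo injected', '999.1.1.1', "192.0.2.10\n") {
        (my $shown = $raw) =~ s/\n/\\n/g;
        printf "%-28s %s\n", "'$shown'", valid_ipv4($raw) ? 'accepted' : 'rejected';
    }
}
```

In a CGI script the form parameter takes the place of `$ARGV[0]`; the validation and the list-form call stay the same.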