require "$Page_Loc/$pg.conf";
It is basically just the "page" coding, the actual content is stored in a database. I am just pulling in the Perl syntax for that page, IF it exists:
if (-e "$Page_Loc/$pg.conf") {
# line 88 above ;o)
}
I guess I MIGHT have to put them all into the main system, and just use the page names as subroutines, and run them when that page is called... Or is there a different way to avoid getting that error?
I am just not checking out that link the other person, Enlil I think, posted. Thanks everyone.
Richard
powerhouse,
The problem is that you are requiring a file from tainted data. You will have to Untaint $pg first. I am not sure I would be doing it the same way you are if I was concerned about security.
Cheers - L~R
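The untainting step suggested in the reply above, as an added example that is not code from either poster: the page name is matched against an allow-list pattern and only the captured value is used to build the path passed to require. The pattern, the helper name untaint_page, the file name untaint_page.pl and the sample page names are assumptions.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_page.pl
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

# Assumption: page names are letters, digits, "_" and "-" only, so a value
# can never contain "/", "..", a NUL byte or an extension of its own.
# Untainting with a catch-all such as /(.*)/ would silence -T without
# checking anything.
sub untaint_page {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string; "$" would allow a trailing newline.
    return $raw =~ /\A([A-Za-z0-9_-]{1,64})\z/ ? $1 : undef;
}

# Constructed page directory standing in for $Page_Loc.
my $Page_Loc = tempdir(CLEANUP => 1);
open my $fh, '>', "$Page_Loc/about.conf" or die "open: $!";
print {$fh} qq{print "about.conf ran\\n";\n1;\n};
close $fh or die "close: $!";

# Constructed inputs; data read from a filehandle is tainted under -T.
while (my $raw = <DATA>) {
    chomp $raw;
    my $pg = untaint_page($raw);
    if (!defined $pg) {
        print "rejected: '$raw'\n";
        next;
    }
    printf "raw tainted=%d, pg tainted=%d\n",
        tainted($raw) ? 1 : 0, tainted($pg) ? 1 : 0;
    my $file = "$Page_Loc/$pg.conf";
    if (-e $file) {
        require $file;    # no "Insecure dependency" error: $pg is untainted
        print "loaded: $pg\n";
    } else {
        print "no page code: $pg\n";
    }
}

__DATA__
about
../../etc/passwd
about.conf
missing
```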
What security gap do you see there? The file requires one written in the back end, and it does not rely upon anything passed in the browser, except a page, and it only uses that to see if it exists, and when it passes it to the subroutine to get the title and content, I do security checks and use placeholders.
I don't really know what else to guard for.
What are you thinking?
thx,
Richard