comment on

For some reason I could not open a file (for writing) in /tmp, but was able to in a new sub-directory of cgi-bin...go figure.

That's strange, and could be an indication that your script is running with privileges that are higher than e.g. the nobody user that webservers commonly use to run scripts. That'd be another reason to be incredibly careful with using form input for filenames and potentially other things. Attackers would happily exploit a security hole that allows them to create files to, for example, set up phishing sites under your domain.

Taint mode is a good idea in this case because it forces you to think about certain cases. But it's of course also not a silver bullet - thinking about what you are doing with user input is always a good idea :-)

In reply to Re^3: open file using variable passed by form by haukex
in thread open file using variable passed by form by michael.kitchen

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.