Oh, but I was under the impression that he was simply moving the file if it didn't match and technically not renaming it. But, I do see how inspecting the file would be made more difficult if you don't know the format.

Wouldn't it be easily accomplished (the rename()) if he stripped any characters from the filename that would cause issues? I guess what I'm failing to see is what happens to bad filenames after they're moved. I'm looking at the problem as if we have good filenames and bad filenames. If it's not good, I need to move the file elsewhere. Thus, I need to know if the filename has any characters that would cause the rename function to explode. After that, I would simply use another script to inspect the internals of the files considered bad.

The environment seems to be controlled, in the sense that both directories are only accessible to "trusted users". I may be wrong about that. But if that's the case, then what is the difference between inspection before moving and inspection afterwards? I'm battling this out since I want to know why the previously suggested way of checking the file is better than this idea of having a second script check the bad files.

ALL HAIL BRAK!!!


In reply to Re: Re: Re: Re: Re: Untainting 'bad' filenames by PsychoSpunk
in thread Untainting 'bad' filenames by doran
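
The good-name/bad-name split discussed in the post above, as an added example that is not code from the thread: good names are untainted through a strict allow-list, while a bad name is used only as the source of rename() and the quarantine name is generated. The allow-list pattern, the `rejected-NNNN` naming and all function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Assumed policy (not from the thread): 1-64 chars of [A-Za-z0-9._-],
# first char alphanumeric. The capture also untaints the name under perl -T.
sub good_name { my ($n) = @_; return $n =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/ ? $1 : undef }

# A bad name is only ever used as the *source* of rename(), joined to a fixed
# directory. rename() involves no shell, so the one requirement is that the
# name stays inside that directory: no '/', no NUL, not '.' or '..'.
sub source_name {
    my ($n) = @_;
    return undef if $n eq '.' || $n eq '..';
    return $n =~ m{\A([^/\0]+)\z} ? $1 : undef;
}

# Move plain files from $in to $good (name kept) or $bad (generated name).
# Returns a hashref: original name => destination path.
sub sort_incoming {
    my ($in, $good, $bad) = @_;
    opendir my $dh, $in or die "opendir $in: $!";
    my @names = sort readdir $dh;
    closedir $dh;
    my (%moved, $seq);
    for my $raw (@names) {
        my $src_name = source_name($raw);
        next unless defined $src_name;
        my $src = File::Spec->catfile($in, $src_name);
        next unless -f $src && !-l $src;    # plain files only, no symlinks
        my $ok  = good_name($raw);
        my $dst = defined $ok
            ? File::Spec->catfile($good, $ok)
            : File::Spec->catfile($bad, sprintf 'rejected-%04d', ++$seq);
        die "refusing to overwrite $dst\n" if -e $dst;
        rename $src, $dst or die "rename failed: $!";
        $moved{$raw} = $dst;
    }
    return \%moved;
}

# Constructed demo: three made-up names in throwaway directories.
my ($in, $good, $bad) = map { tempdir(CLEANUP => 1) } 1 .. 3;
for my $name ('report.txt', 'two words; x.txt', '-rf') {
    open my $fh, '>', File::Spec->catfile($in, $name) or die "create: $!";
    close $fh;
}
my $moved = sort_incoming($in, $good, $bad);
printf "%-20s -> %s\n", $_, $moved->{$_} for sort keys %$moved;
```

The returned mapping is what a second inspection script would need to tie each quarantined file back to its original name.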
