Hello,

I've written a couple of modules in Perl. These modules work fine from the command line.
But now I need the functionality of those modules when I use CGI, and then I want to use the module with the -T flag for added security.
Of course there were some problems with my modules because I opened/closed various files etc., and I believe I can solve them with some regexes.

But my code used an XML file to read in some configuration directives, and apparently the -T mode croaks on that module when I want to use XML::Simple.

How can I solve this problem?
Is there a good tutorial/guide that explains how to go from untainted mode to tainted mode?

When I remove the T flag and run it from the cmd line the code seems to work: $_config contains a hashref.
With the -T flag I get an obscure "Name contains ..."
I know it's crashing on the path I provide, but I can't seem to figure out how to solve it.

    #!/usr/bin/perl -wT
    use strict;
    use warnings;
    use XML::Simple; # used to read the xml config file

    my $parser = XML::Simple->new(keeproot => 0);
    my $_config_file = "blah.xml";
    my $_config_path = "/some/path";

    unless ($_config_path =~ m#^(/some/path)$#) {
        # some regex I suspect will untaint the data, but I wonder if this is needed
        # because I set the vars from within my program
        # and from what I is that taint only checks data from other processes
        die("FATAL Error, the path you provide doesn't seem to be a valid path at all");
    }
    print "match $1 \n";
    my $config_path = $1;
    my $file = "${config_path}/${_config_file}";
    print "complete path to file: $file \n";

    my $_Config = $parser->XMLin($file);
    print "\$_config = $_Config \n";

20051019 Janitored by Corion: Removed BR tags from code
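
On the question raised in the code comment above, an added example (not part of the original post) showing what Perl marks as tainted under -T: a string literal set inside the program is not tainted, while data from outside is tainted until a regex capture extracts it. The helper name `untaint_config_name`, the allowlist pattern and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: $^X comes from outside the program, so it is
# tainted under -T, and anything concatenated with it becomes tainted too.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: allowlist check for a config file name.
# Only a regex capture launders taint, so the pattern is strict: a single
# path component, safe characters, .xml suffix, and \z so a trailing
# newline is not accepted the way it would be with $.
sub untaint_config_name {
    my ($name) = @_;
    return unless defined $name;
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\.xml)\z/) {
        return $1;    # $1 is untainted; $name itself stays tainted
    }
    return;
}

my $config_dir = '/some/path';    # literal, as in the post: never tainted
my $dir_state  = tainted($config_dir) ? 'tainted' : 'untainted';
print "literal directory is $dir_state\n";

# Constructed inputs standing in for a CGI parameter or other external data.
for my $raw ('blah.xml', '../../etc/passwd', "blah.xml\n", 'a/b.xml') {
    my $external = $raw . $TAINT;
    my $before   = tainted($external) ? 'tainted' : 'untainted';
    (my $shown = $raw) =~ s/\n/\\n/g;

    my $clean = untaint_config_name($external);
    if (defined $clean) {
        my $file  = "$config_dir/$clean";
        my $after = tainted($file) ? 'tainted' : 'untainted';
        print "$shown: input $before, accepted, $file is $after\n";
    }
    else {
        print "$shown: input $before, rejected\n";
    }
}
```

Run it as `perl -T` followed by the script name; many Perl versions refuse a -T that appears only on the #! line when the script is started through `perl` without the switch.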


In reply to run script in taint mode by Anonymous Monk
