however I am getting message "Insecure dependency in `` while running with -T switch at /...../YYY.cgi line 252." which calls my script in a way

my @arr = `perl -wT $XXXfile $inp_file $outfile 'param'`;

Is YYY.cgi also running with the taint switch on? In that case you have to launder both $XXXfile, $inp_file and $outfile before you use them in your backticks call.
Again from the docs (perlsec):
Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, (...)
CountZero
"A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
In reply to Re: Insecure dependency in open while running with -T switch
by CountZero
in thread Insecure dependency in open while running with -T switch
by vit
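The laundering the reply describes, as an added example that is not code from the thread: each tainted value is matched against an allow-list pattern and only the regex capture is passed on, and the child is started with the list form of open so no sub-shell is involved. The names launder_filename and run_child, the allow-list pattern, and the paths in $BASE_DIR and $PERL are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode refuses to run any external command while PATH and related
# variables are still inherited from the untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $BASE_DIR = '/var/www/data';    # assumption: fixed directory holding the files
my $PERL     = '/usr/bin/perl';    # assumption: absolute path to the interpreter

# Launder one value: accept only a plain file name (no slash, no leading
# dash or dot) and return the regex capture, which Perl treats as untainted.
sub launder_filename {
    my ($value) = @_;
    return unless defined $value;
    return "$BASE_DIR/$1"
        if $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;    # rejected: caller sees undef
}

# Run the child script with laundered arguments. The list form of open
# bypasses the shell, so the arguments are never parsed as shell syntax.
sub run_child {
    my @args = map {
        launder_filename($_) // die "rejected file name\n"
    } @_;
    open(my $pipe, '-|', $PERL, '-wT', @args, 'param')
        or die "cannot start child: $!\n";
    my @arr = <$pipe>;
    close($pipe) or die "child failed (status $?)\n";
    return @arr;
}

if (@ARGV == 3) {
    # Command-line arguments are tainted under -T; here they stand in for
    # the $XXXfile, $inp_file and $outfile values that YYY.cgi receives.
    print run_child(@ARGV);
}
else {
    # Constructed sample inputs showing what the allow-list accepts.
    for my $name ('report.txt', '../etc/passwd', 'a;rm -rf x', '-e') {
        printf "%-16s => %s\n", $name, launder_filename($name) // 'REJECTED';
    }
}
```

Run it as `perl -T example.pl` (the file name is arbitrary); with no arguments it only exercises the laundering check on the constructed names.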