Good Afternoon Monks,
I'm trying to solve a problem with the error "can't use string ('<insert path here>') as a symbol ref while \"strict refs\" in use at...".
I'm not fantastic with taint checking but I've followed this the best I could and I'm still stumped. Maybe there's some advice out there for this snippet:
sub untaintMe()my $frompath = "$DATAPATH/documentset/$company/$dept/$doc_id"; my $writetopath = "$EX_DATAPATH/external_gn/$doc_id"; my $u = new MyMod::Untaint; my ($untainted_source_path, undef) = $u->untaintMe($frompath, 'path'); my ($untainted_dest_path, undef) = $u->untaintMe($writetopath, 'path') +; #we have to add this afterward to handle the case of using '*' for ima +ges. '*' makes the string fail normal taint checking. $untainted_source_path .= ".$extension"; $untainted_dest_path .= ".$extension"; if ($untainted_source_path =~ m/^([\/\w\-._*]+)$/ ) { $untainted_source_path="$1"; } else { $g->errorpage($q,"Error adding source file extension. Please contact + the MIS help desk."); } if ($untainted_dest_path =~ m/^([\/\w\-._*]+)$/ ) { $untainted_dest_path="$1"; } else { $g->errorpage($q,"Error adding destination file extension. Please co +ntact the MIS help desk."); } copy($untainted_source_path, $untainted_dest_path); my $upload = &upload_file($g, $q, $untainted_source_path, $untainted_d +est_path);
sub upload_file()sub untaintMe { my ($self, $inputArg, $typeArg) = @_; my ($temp, $reason); my @returnArray; if ($typeArg eq 'path') { $inputArg =~ /[\/\w\-._]+/; # includes 'file' chars + "\" $temp = $&; $reason = $` . '...' . $'; # create the reason code } if ($reason eq '...') # no mismatches found if ($temp ne '') { @returnArray = ($temp, ""); } else { @returnArray = ('', "invalid input, not enough characters to ma +tch $typeArg pattern"); } } else { @returnArray = ('', "invalid input, string contains $reason"); } return @returnArray; }
sub upload_file() { my ($g, $q, $readpath, $writepath) = @_; my ($bytesread, $buffer); if (!open(WFD,"<$readpath")) { $g->errorpage($q, "Could not copy $readpath: $!\n"); return 0; } $| = 1; # turn off buffering of stdout if (!open(WFD,">$writepath")) { $g->errorpage($q, "Error opening file '$writepath' for writing: $! +\n"); return 0; } #### ## Error points to the following line #### while ($bytesread = read($readpath,$buffer,1024)) { # can't use str +ing "<directory_goes_here>" as a symbol ref while "strict refs" in us +e binmode WFD; print WFD $buffer; } close(WFD); $| = 0; # turn on buffering of stdout chmod 0600, "$writepath"; return 1; }
If someone has some sound advice or can point me in the direction of a solid thread that deals with this error, I'd be pretty darned appreciative! Or hell, even a "why the heck are you doing it that way?!" would be good.
I've never seen the $& used before in untainting, but again, I'm not that fluent in this to begin with...
Thanks in advance... ~Hugh
In reply to File Upload - Strict Ref Issue by Heffstar
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |