It isn't clear to me at this point that this is a CGI application or what that would have to do with a "disk image" question in the other node (if any)? An app for an authenticated user on your internal network typing in some input data can be quite a different thing than a CGI web app in regards to the need for taint checking.
Maybe I'm just pointing out the obvious here, but opendir(DIR, "."); is usually not a good idea. I do that for quick hacks and testing, but not in code designed for others. The problem is that "." is the directory that THIS Perl script is executing in! Normally you want to separate the program code from the data. This allows the code to be more general purpose and you don't wind up with copies of the source code in a whole bunch of directories (which will eventually get "out of sync" with any updates to the "main code".
Anyway I think there has been some good advice given in the thread. I would move the Perl program to a different directory from the .jpg files. If I have some directory like this that will be used by many, I sometimes even take *myself* off of the "write permissions" for all of the files. This does add an extra step for me to change data for the files that I "own", but prevents some accidental modification when I am testing.
In reply to Re: Search for text from user input
by Marshall
in thread Search for text from user input
by Nathan_84
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |