You really do not want to remove the -T switch. That switch turns on taint mode which helps prevent someone from taking over your script and making it do nasty things like wipe out your hard disk, remove key system files or run a DB query that will bring your website to its knees. There is a nice explanation here: http://gunther.web66.com/FAQS/taintmode.html
To perform system operations while in taint mode you have to make sure that any variable you have passed to those system functions has been validated and marked as untainted. To untaint data you pass it through a regular expression. The fields you extract from the regular expression will be marked as untainted, but the original data will continue to be tainted. The regular expression should validate the data, removing any unexpected characters.
For example,
# data expected to be a number
my ($iCount) = ($dataFromTheWeb =~ /^(\d+)$/);

# data expected to be a user name
my ($sUser) = ($dataFromTheWeb =~ /^(\w+)$/);

# data expected to be a server path (POSIX syntax)
my ($sPath) = ($dataFromTheWeb =~ /^([\w\/]+)$/);

# and so on...
If you aren't sure whether or not a variable has been de-tainted, you can call Scalar::Util::tainted($var). You must, of course, put use Scalar::Util at the top of your script under use strict; use warnings; and your other use statements, if it isn't there already.
To make system calls or run scripts/modules that make them, you also need to clear the environment (%ENV) of certain environment variables, in particular PATH. Taint mode wants to make sure it knows exactly which executable is being executed so anything that would allow a relative path to an executable (e.g. PATH) needs to go away, like this: $ENV{PATH} = '';
In reply to Re: Merlyn's Basic Cookie Management (1)
by ELISHEVA
in thread Merlyn's Basic Cookie Management (1)
by tel2
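The untaint-by-capture, Scalar::Util::tainted check and %ENV cleanup described in the post above, combined into one runnable script. This is an added example, not code from the original post or from PerlMonks; the query string is constructed sample data, and the script assumes a Unix-like system where PATH is set in the environment and /bin/echo exists.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample input. Under -T, data read from %ENV, STDIN, @ARGV or
# files is tainted, but a string literal in the source is not. To make the
# sample behave like real web input, concatenate a zero-length slice of a
# tainted %ENV value (PATH is tainted at startup); this taints the result
# without changing its text. If PATH were unset the sample would stay clean.
my $taint = substr($ENV{PATH} // '', 0, 0);
my $query = 'user=alice;count=42;path=/var/www/reports' . $taint;

# Split into name/value pairs. Everything derived from tainted data is
# itself tainted (hash keys are the one exception: they never carry taint).
my %param = map { my ($k, $v) = split /=/, $_, 2; ($k => $v) } split /;/, $query;

# Untaint by extracting a capture group. Only the captured text is marked
# clean; the original stays tainted. Returns undef when the value does not
# match, so a caller that forgets to check gets undef, never tainted data.
sub untaint {
    my ($value, $pattern) = @_;
    return undef unless defined $value;
    my ($clean) = ($value =~ $pattern);
    return $clean;
}

my $count = untaint($param{count}, qr/^(\d+)$/);      # a number
my $user  = untaint($param{user},  qr/^(\w+)$/);      # a user name
my $path  = untaint($param{path},  qr/^([\w\/]+)$/);  # a POSIX-style path

for my $name (qw(user count path)) {
    printf "%-5s raw=%-20s tainted=%d\n",
        $name, $param{$name}, tainted($param{$name}) ? 1 : 0;
}
printf "untainted: user=%s count=%s path=%s\n", $user, $count, $path;
printf "any result still tainted? %d\n",
    (tainted($user) || tainted($count) || tainted($path)) ? 1 : 0;

# A value that fails the pattern is rejected (undef), not passed through.
my $rejected = untaint('alice smith' . $taint, qr/^(\w+)$/);
printf "'alice smith' as a user name: %s\n", defined $rejected ? $rejected : 'rejected';

# Before any system()/exec/backticks, taint mode also needs a trusted
# environment: PATH is cleared as in the post (a fixed absolute value such
# as '/bin:/usr/bin' is the other common choice), and the variables perlsec
# lists as shell-influencing are removed.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '';

# With PATH empty only absolute program paths will run; the list form of
# system() avoids the shell entirely. Assumes /bin/echo exists.
system('/bin/echo', 'report for', $user, $count) == 0
    or warn "echo failed: $?";
```

Run it as `perl -T taint_demo.pl` (the -T on the shebang line is not enough when perl is invoked explicitly without it; perl then dies with "Too late for -T"). Commenting out either the `untaint` calls or the `$ENV{PATH} = ''` line makes the final `system` die with an "Insecure dependency" or "Insecure $ENV{PATH}" error, which is exactly the behaviour the post describes taint mode enforcing.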