in reply to use lib './' security safe?

Turning taint on removes "." from "@INC".
C:\>perl -le"print for @INC"
c:/Perl/lib
c:/Perl/site/lib
.

C:\>perl -Tle"print for @INC"
c:/Perl/lib
c:/Perl/site/lib

C:\>

MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
** The third rule of perl club is a statement of fact: pod is sexy.
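
An added example, not part of the original post: a small Perl check that reports the taint state and flags every @INC entry that is resolved against the current working directory. It keeps the thread's `use lib './'` line to show that -T only drops the default "." and that an explicit `use lib` entry stays in @INC; the function name `relative_inc_entries` is made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# The line from the thread title. Taint mode removes the default "." from
# @INC, but it does not undo an explicit "use lib" with a relative path.
use lib './';

# Return the @INC entries that are looked up relative to the current
# working directory (".", "./", "lib", ...) instead of a fixed location.
# Hypothetical helper name, chosen for this example.
sub relative_inc_entries {
    my @inc = @_;
    return grep {
        !ref($_)                                       # skip @INC hooks (code refs, objects)
          && !File::Spec->file_name_is_absolute($_)    # keep only non-absolute paths
    } @inc;
}

# ${^TAINT} is 1 under -T, -1 under -t (taint warnings only), 0 otherwise.
my $taint = ${^TAINT};
printf "taint mode: %s\n",
    $taint > 0 ? "on (-T)" : $taint < 0 ? "warnings only (-t)" : "off";

my @relative = relative_inc_entries(@INC);
if (@relative) {
    # Whoever controls the cwd controls which module file these entries load.
    print "relative \@INC entry: '$_'\n" for @relative;
}
else {
    print "no relative entries in \@INC\n";
}
```

Run it once as `perl script.pl` and once as `perl -T script.pl`: the './' entry from `use lib` is reported in both runs, while a default "." entry, on Perl builds that still have one, only shows up in the run without -T.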

Re^2: use lib './' security safe?
by SavannahLion (Pilgrim) on Jul 20, 2004 at 21:51 UTC
    After reading your little blurb, I went back and looked at my configuration files for my editor. I configured three different Perl launch options. The primary one I've been using for testing/checking my scripts straight from the editor has -wT (it launches Perl from a command prompt). When I run the script via Apache, I've been leaving off -wT.

    I think I did it this way because a problem I can't figure out is when I run the script from my editor, Perl balks at having #!perl -T. Perl claims declaring -T is too late. But that line works fine with Apache. I'd configure Apache to include -T automatically (if it was possible), but the production server doesn't have Perl configured that way. Oh well.

    ----
    Thanks for your patience.
    Prove your knowledge @ HLPD