in reply to request for review: file reading security

Yeah. As written, the user could pass, e.g., ../topsecretpages/index.html and start looking at the topsecretpages directory that exists at the same level as pages. (Of course, the user would have to guess or learn the name of the directory, and it is to be hoped you don't really have top secret pages lying around under your web server's document root without any protection.)

Updated: Like the followups say, the regexp dealt with that. Teach me to answer SoPWs in the middle of the night...

Re^2: request for review: file reading security
by Anonymous Monk on Sep 05, 2004 at 14:33 UTC
    that's why there is $req =~ s/^.*\///; which should take care of that.

      I believe your code should look for literal periods:

      $req =~ s/^\.\.\///;
      But that's still poor, because what about:
      blah/../../topsecretpages/page.html
      or
      ../../topsecretpages/page.html
      Update: Chady is right. I retract.

      pbeckingham - typist, perishable vertebrate.

        His regular expression does the job well. It strips everything until the last /

        $req = 'blah/../../topsecretpages/page.html';
        $req =~ s/^.*\///;
        print $req;
        __END__
        page.html

        He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.
        Chady | http://chady.net/
        Are you a Linux user in Lebanon? join the Lebanese Linux User Group.
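Putting the thread's two regexes side by side, as an added example that is not code from any of the posts above: it runs both over the traversal strings quoted in the thread, then layers a realpath containment check on top of the basename strip. The extra check also refuses a symlink planted inside pages/ that points at the sibling directory, which a basename-only filter cannot see because the requested name is a plain "leak.html". The directory names pages/ and topsecretpages/ come from the thread; the temporary layout, the file contents, the leak.html symlink and the safe_page_path helper are constructed for this example, and the prefix comparison assumes Unix-style paths.

```perl
#!/usr/bin/perl
# Added example, not code from the original thread.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# pbeckingham's retracted regex: removes a single leading "../" and nothing else.
sub strip_leading_dotdot {
    my ($req) = @_;
    $req =~ s/^\.\.\///;
    return $req;
}

# The original poster's regex (Chady's point): greedy match drops
# everything up to and including the last "/", leaving the basename.
sub strip_to_basename {
    my ($req) = @_;
    $req =~ s/^.*\///;
    return $req;
}

sub spew {
    my ($file, $content) = @_;
    open my $fh, '>', $file or die "$file: $!";
    print {$fh} $content;
    close $fh;
}

# Constructed fixture mirroring the thread: pages/ and a sibling
# topsecretpages/ under one throwaway document root.
my $root = tempdir(CLEANUP => 1);
make_path("$root/pages", "$root/topsecretpages");
spew("$root/pages/page.html",           "public page\n");
spew("$root/topsecretpages/index.html", "should never be served\n");

# A symlink inside pages/ that escapes it. Its *name* passes any regex on
# the request string; only resolving the path exposes where it really goes.
my $have_symlink = eval {
    symlink("../topsecretpages/index.html", "$root/pages/leak.html");
};
warn "symlink unsupported here; leak.html will simply not exist\n"
    unless $have_symlink;

my $PAGES_DIR = abs_path("$root/pages");   # canonical, no trailing slash

# Apply the thread's basename fix, then insist that the canonical path of
# the file we are about to open still lies under pages/. abs_path collapses
# ".." and follows symlinks, so it checks what the filesystem will open,
# not what the request string looked like. Returns undef to refuse.
sub safe_page_path {
    my ($req)  = @_;
    my $name   = strip_to_basename($req);
    return undef if $name eq '' || $name eq '.' || $name eq '..';
    return undef if $name =~ /\0/;         # a NUL would truncate the name in C open()
    my $real = abs_path(File::Spec->catfile($PAGES_DIR, $name));
    return undef unless defined $real && -f $real;          # unresolvable or not a file
    return undef unless index($real, "$PAGES_DIR/") == 0;   # containment check (Unix paths)
    return $real;
}

my @requests = (
    'page.html',
    '../topsecretpages/index.html',
    'blah/../../topsecretpages/page.html',
    '../../topsecretpages/page.html',
    'leak.html',
);
for my $req (@requests) {
    my $safe = safe_page_path($req);
    printf "%-38s  dotdot-strip: %-36s basename: %-11s -> %s\n",
        $req, strip_leading_dotdot($req), strip_to_basename($req),
        defined $safe ? $safe : '(refused)';
}
```

The middle column shows why the single-"../" strip was retracted: it leaves the second and third strings untouched and they still climb out of pages/. The basename column shows Chady's point, every request collapses to a name with no slash in it. The last column is the caveat a reviewer would add: the basename strip makes every file in pages/ reachable by name, and if one of those names is a symlink (or a future administrator adds one), the request "leak.html" would serve topsecretpages/index.html; comparing the resolved path against the resolved pages/ directory is what refuses it.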