in reply to perl and taint mode

Read perldoc perlsec. In short set PATH to a known value.
$ENV{PATH} = ''; system '/path/to/command img.g3 | /path/to/command2 img.pbm > img.ps';
Boris

Re^2: perl and taint mode
by Anonymous Monk on Jan 02, 2005 at 01:08 UTC
    now, I have Insecure dependency in system while running with -T grrrr... I try
        system "command1", "img.g3" > "img.pbm";
    (command1 = /path/to/command and img.g3 = /path/to/img.g3 and img.pbm = /path/to/img.pbm) =>
        Argument "/home/e-smith/files/ibays/fax-voice1/html/fax/tmp/3145.f..." isn't numeric in numeric gt (>) at /home/e-smith/files/ibays/fax-voice1/cgi-bin/fax/nph-vf-pdf.cgi line 653.
    I want to write in img.pbm!!! It is not a numerical operation ;o)
    anne
      You are now using the list form of system, which means no shell will be used (which is good). However, redirection like ">" is done by the shell, so you can't do it like that. (You can use a pipe open instead and write the file yourself, or use backticks, or do the fork/exec yourself so you can first open stdout to a file. Or go back to using the shell, but in a safe way.)

      Also notice that the insecure PATH complaint was about how the program gets looked up, and has nothing to do with the target file. You don't have to give that an absolute path (unless your working directory is untrusted too, of course).

      Now carefully read your error message. It's not complaining about an insecure dependency, but that you are comparing string "img.g3" to "img.pbm". Always start by assuming perl knows what it's talking about, however sure you are that you know better. There's always a reason for the messages you get.

        yes, I read perlsec, perlipc, perl... In perlsec:
            exec "echo $arg";    # not good
            exec "echo", $arg;   # is good
        but I have ">/path/to/file" to write to /path/to/file and I do not find a solution for that!
        anne
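
The two shell-free routes named in the reply above (a list-form pipe open followed by copying the output into the file yourself, and fork/exec with STDOUT reopened on the target file), written out as an added example that answers the ">/path/to/file" question; this is not code from the thread or from any of the posters. It assumes a Unix system, /bin/echo standing in for the fax converter, and a file-name policy (word characters, dots and dashes, no path separators, no leading dot) that is an assumption made here for the untainting regex.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Run it as:  perl -T this_script.pl
# Goal: run a converter and write its output to a file while -T is on,
# without a shell, which is what the ">" redirection would have needed.
use strict;
use warnings;
use File::Temp ();

# perlsec advice: give PATH a known value and drop variables a child process
# (or a shell it might spawn) would otherwise trust.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint a file name that arrived from user input (CGI parameter, form field).
# Only a regex capture clears the taint. The allowed shape is an assumed
# policy for this example: word characters, dots and dashes, no '/' and no
# leading dot, so the name cannot climb out of the intended directory.
sub untaint_name {
    my ($name) = @_;
    my ($clean) = $name =~ /\A([\w-][\w.-]*)\z/
        or die "refusing file name '$name'\n";
    return $clean;
}

# Option 1 from the reply above: list-form pipe open (two or more list
# elements are passed straight to exec, so no shell is involved), then copy
# the child's stdout into the target file ourselves.
sub run_to_file_pipe {
    my ($cmd, $outfile) = @_;    # $cmd: array ref, program followed by its args
    die "need program and at least one argument\n" unless @$cmd >= 2;
    open(my $child, '-|', @$cmd) or die "cannot run $cmd->[0]: $!\n";
    open(my $out, '>', $outfile)  or die "cannot write $outfile: $!\n";
    binmode $child;
    binmode $out;
    my $buf;
    while (read($child, $buf, 65536)) {
        print {$out} $buf or die "write to $outfile failed: $!\n";
    }
    close $out or die "close $outfile failed: $!\n";
    close $child
        or die sprintf("%s exited with status %d\n", $cmd->[0], $? >> 8);
    return 1;
}

# Option 2 from the reply above: fork, reopen STDOUT on the target file in the
# child, then exec. The block form exec { PROGRAM } LIST never uses a shell,
# even for a single-element list.
sub run_to_file_fork {
    my ($cmd, $outfile) = @_;
    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        open(STDOUT, '>', $outfile) or die "cannot write $outfile: $!\n";
        exec { $cmd->[0] } @$cmd;
        die "exec $cmd->[0] failed: $!\n";
    }
    waitpid($pid, 0);
    die sprintf("%s exited with status %d\n", $cmd->[0], $? >> 8) if $?;
    return 1;
}

# Demo. /bin/echo stands in for the fax converter from the thread, and the
# constructed name below stands in for a value that reached the CGI tainted.
my $dir    = File::Temp->newdir();
my $target = "$dir/" . untaint_name('3145.pbm');

for my $runner (\&run_to_file_pipe, \&run_to_file_fork) {
    $runner->(['/bin/echo', 'converted page'], $target);
    open(my $in, '<', $target) or die "cannot read $target: $!\n";
    my $content = do { local $/; <$in> };
    close $in;
    print "wrote ", length($content), " bytes: $content";
}

# A rejected name shows why the untainting step is a policy, not a formality.
eval { untaint_name('../etc/passwd') };
print "rejected: $@";
```

Run it with perl -T so the taint checks are actually active; without -T the same code runs but proves nothing. In the thread's setting, /bin/echo and its argument become the converter and the (also untainted) input file name. The fork variant is the closest equivalent of a shell redirection and needs no copy loop; the pipe variant is the one to reach for when the output should be inspected or transformed before it lands in the file.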