Re^3: -T switch & untaint - how to resolve errors?

You're not untainting the variable in-place, your call to the function should read as follows:

    $name = untaint($name);
    $siteName = untaint($siteName);
    open (FILE,">/$directory/tmpl/$name.tmpl");
        print FILE $content;
    close(FILE);

sub untaint {
    my $var = $_[0];
    unless ($var =~ m/^(\w+)$/) { #allow filename to be [a-zA-Z0-9_]
        die("Tainted");
    } 
    return $var;
}
[download]

I've asked a question about another topic here, but I think you can find the answers quite useful for your tainting doubts.

Flavio (perl -e "print(scalar(reverse('ti.xittelop@oivalf')))")

Don't fool yourself.

Comment on Re^3: -T switch & untaint - how to resolve errors? Download Code

Replies are listed 'Best First'.
Re^4: -T switch & untaint - how to resolve errors? by Stenyj (Beadle) on Apr 10, 2005 at 21:11 UTC
Yeah sorry, I fixed the coding after posting, and forgot to update it here. Still getting the error, even with the adjusted code. "print() on closed filehandle FILE at file.cgi line 117." Kind of weird, but tryin' to figure it out. Stenyj	[reply]
Re^5: -T switch & untaint - how to resolve errors? by Joost (Canon) on Apr 10, 2005 at 21:46 UTC
Looks like the file isn't opened for some reason. Try doing `open(....) or die "Can't open file: $!"` "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply] [d/l]
Re^6: -T switch & untaint - how to resolve errors? by Stenyj (Beadle) on Apr 10, 2005 at 22:00 UTC
kicks self This is why I don't program while I'm tired. Path to the file was off. ROFL Thx a ton man, I really appreciate your help. Stenyj	[reply]
Is restricting to "words" good enough? by doom (Deacon) on Apr 11, 2005 at 03:30 UTC