This is why I don't program while I'm tired. Path to the file was off.
Maybe this is a good place to add the comment that it's probably a good idea to tighten up the requirements for what you're going to allow as user input.
For example, you might do something like this:
    sub untaint_directory {
        # restrict directory names to a short list of accessible locations
        my $var = $_[0];
        my @allowed_locations = qw( political_babble
                                    funny_animal_stories
                                    down_with_starwars
                                    guests
                                    tests
                                    public );
        my $dir;
        my $ok = 0;
        # capture the name through a regex match so the returned value is untainted
        if ( ($dir) = ($var =~ m/^(\w+)$/ )) {
            foreach my $loc (@allowed_locations) {
                if ($dir eq $loc) {
                    $ok = 1;
                    last;
                }
            }
        }
        unless ($ok) {
            # report $var here: $dir is undefined when the pattern did not match
            die("Not an allowed directory: $var");
        }
        return $dir;
    }
The idea is that this is a security-related task, and you should be as paranoid about it as you can. Do your best to restrict the input you're going to accept to things that you know are okay.