Re: Plz help w/ taint issue while copying dir contents

It's perfectly OK to have - in your untainting regexp, e.g.

sub untaint {
    my $var = $_[0];
    my ($untained_file) = $var =~ /^([\w-]+)$/ or die "bad filename: $
+var";
    return $untained_file;
}
[download]

Note that within a character class, - must either be escaped, or else appear in the first or last position in the character list, otherwise it is interpreted as a range indicator (see Version 8 Regular Expressions in perlre).

Also, if you're using locale, read this node.

the lowliest monk

Comment on Re: Plz help w/ taint issue while copying dir contents Select or Download Code

Replies are listed 'Best First'.
Re^2: Plz help w/ taint issue while copying dir contents by Stenyj (Beadle) on Apr 12, 2005 at 03:27 UTC
Thx! Will add that in now. Any idea on the taint error? Stenyj	[reply]
Re^3: Plz help w/ taint issue while copying dir contents by tlm (Prior) on Apr 12, 2005 at 03:41 UTC
I assume you are running this as a CGI script? Do you get the same error if you run this code from the command line? You may want to use the `Scalar::Util::tainted` to see exactly which variable `-T` is unhappy with. A common piece of advice when dealing with `-T`-related problems is to set your `$ENV{ PATH }` variable explicitly; e.g. `$ENV{ PATH } = '/bin:/usr/bin'`; it's worth a try, but I think that if this were the solution, the error message you'd be getting would be different. the lowliest monk	[reply] [d/l] [select]