-T is supposed to stop your script, if it's not handling
user input safe/unTainted-ly. You definitely need to
look it up; the idea is that all user data could be
an attempt to get your cgi to do bad things, so unless
you ensure the data isn't dangerous, -T won't let it run.
You need to do things like:

    $name = param('name');
    $name =~ /(\w+)/;
    $safe_name = $1; # use $safe_name from here on out

That's not correct, but it's one of the ways you need to
un-taint input; run it through a safe-making RE and use
only the matched part.
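Added example, not part of the original posts: one way to write the untainting step described in the post above so that the whole value is validated and a failed match can never reuse an old $1. The helper name untaint_name, the 32-character limit and the sample inputs are assumptions made for illustration; run it with perl -T.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: returns an untainted copy of $raw if the WHOLE value
# is 1-32 ASCII word characters, otherwise undef.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    # \A ... \z anchors the entire string; \z (unlike $) rejects a trailing "\n".
    # Perl only untaints a capture group taken from a successful match.
    return $1 if $raw =~ /\A([A-Za-z0-9_]{1,32})\z/;
    return;    # no match: never fall back to a stale $1
}

# Constructed sample inputs. String literals are not tainted, so a zero-length
# tainted string ($0 and $^X are tainted under -T) is appended to each one to
# stand in for what param('name') would return.
my $taint = substr("$0$^X", 0, 0);
for my $raw (map { $_ . $taint } 'alice', 'not a name!', "carol\n", '') {
    my $safe = untaint_name($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    printf "%-16s tainted=%d -> %s\n", "'$shown'", tainted($raw) ? 1 : 0,
        defined $safe
            ? "accepted '$safe' (tainted=" . (tainted($safe) ? 1 : 0) . ")"
            : 'rejected';
}
```

Only the first input is accepted; the caller has to treat undef as a rejected request rather than substituting a default built from the raw value.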
Since you haven't posted any kind of code context and/or error message, it might be a complete miss, but the -T switch can issue an error like 'Too late to use -T', especially if you use this option on a poorly configured web-server (IIS for example).
This issue can be solved by explicitly including the -T switch on the application mapping in IIS. You should then name your script with an extension like '.Tpl' and map this extension to '<path_to_perl>/perl.exe -T'. All the scripts with the extension '.tpl' will then have the Taint check enabled.
--
PerlMonger::Paris(http => 'paris.pm.org');
That depends. What is the error message you are getting? I suspect your script has some tainted data issues. See perlsec.