Re^3: use variable as name for new file

Thats perls way of telling you that you are trying to open a file with a name supplied by a user and you REALY REALY don't want a user to be able to open any file they want. So at very least you need to check the file name coming from the user and verify that it is okay to open, but better would be to figure out how not to have the user specify the file name.

___________
Eric Hodges

Comment on Re^3: use variable as name for new file

Replies are listed 'Best First'.
Re^4: use variable as name for new file by Zcity (Novice) on Jun 19, 2006 at 13:13 UTC
Thanks everyone for helping. This is the code that worked for me: ################ open (LOG,">pending/" . $subject) or die("Error in opening the file :$!:"); ########to replace space with underscore between text##### $subject =~ s/ /_/g; ############################	[reply]
Re^5: use variable as name for new file by eric256 (Parson) on Jun 19, 2006 at 16:05 UTC
If you realy insist on ignoring all advice given to you then eventualy your are going to get bitten by this and its going to realy hurt. One last time, by allowing the user to specify a file name or any part of a file name you are making yourself vulnerable to attack. What if for $subject they entered something like `rm -rdf`...yes my unix is lacking, but the point is that evil evil things can be done with this so DON'T do it! ___________ Eric Hodges	[reply] [d/l]
Re^4: use variable as name for new file by kabeldag (Hermit) on Jun 17, 2006 at 03:08 UTC
Bad news indeed. Also. If your going to create a file for each subject of every post. You're going to have alot of files in there ;)	[reply]