in reply to PerlTaintCheck and configuration for secure paths

It's not $PATH, but the variable. $PATH is only relevant for executables (used with system, backticks or piped open).

Did you sanitize $thumbName? See perlsec, section Laundering and Detecting Tainted Data.

Try something like

    $thumbName = ($thumbName =~ /^([-\@\w.\/]+)$/) ? $1 : undef;
    if ($thumbName) {
        open( NEWIMG, "+>$thumbName" )
            or croak "Can't open new imagefile: ($thumbName) $! \n";
    }
That should do.
_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Re^2: PerlTaintCheck and configuration for secure paths
by geektron (Curate) on Jun 22, 2006 at 17:44 UTC
    $thumbName is constructed in the code. Because of that, I thought it didn't need extra sanitizing.

    I'll test it w/ Scalar::Util to ensure that's the tainted part ...

      If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

      In perlsec is a snippet of code:

      sub is_tainted {
          return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
      }
      --shmem
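To make the two points in shmem's replies concrete (a string built from a tainted part is tainted, and a regex capture is what launders it), here is an added example script that is not code from the thread. It assumes a hypothetical thumbnail directory /tmp/thumbs, takes the image names from @ARGV so they are tainted under -T, checks taint with Scalar::Util::tainted as geektron suggested, and uses the allow-list regex from the first reply (without the '@') plus an explicit ".." check and a three-argument open.

```perl
#!/usr/bin/perl -T
# Added example, not from the PerlMonks thread.
# Run as:  perl -T thumbs.pl photo01.jpg '../etc/passwd' 'x;rm y'
use strict;
use warnings;
use Carp qw(croak);
use Scalar::Util qw(tainted);

# Hypothetical base directory; a literal, so it is not tainted.
my $thumbDir = '/tmp/thumbs';
-d $thumbDir or mkdir $thumbDir or croak "Can't create $thumbDir: $!";

# Returns the laundered path, or undef if the input fails the allow-list.
# The capture group of a successful match is what untaints the value;
# nothing else in this sub would.
sub launder_path {
    my ($path) = @_;
    my ($clean) = $path =~ m{^([-\w./]+)\z};
    return undef unless defined $clean;
    # The allow-listed characters still permit "..", so reject traversal
    # explicitly instead of trying to repair the name.
    return undef if $clean =~ m{(?:^|/)\.\.(?:/|\z)};
    return $clean;
}

die "usage: perl -T $0 IMAGENAME...\n" unless @ARGV;

for my $imgName (@ARGV) {    # @ARGV is tainted under -T
    # Interpolating one tainted piece taints the whole result, even though
    # $thumbDir itself is a trusted literal.
    my $thumbName = "$thumbDir/thumb_$imgName";
    printf "%-40s tainted=%s\n", $thumbName, tainted($thumbName) ? 'yes' : 'no';

    my $clean = launder_path($thumbName);
    if (!defined $clean) {
        warn "rejected: $thumbName\n";
        next;
    }
    printf "%-40s tainted=%s\n", $clean, tainted($clean) ? 'yes' : 'no';

    # Three-argument open: the mode cannot be smuggled in through the name,
    # and taint mode no longer complains because $clean came from a capture.
    open my $fh, '+>', $clean or croak "Can't open new imagefile ($clean): $!";
    close $fh;
}
```

The first printf reports tainted=yes for every constructed name, the second tainted=no for the laundered one; the second and third sample arguments are rejected rather than opened. Run it with -T on the command line as well as in the shebang, otherwise perl stops with "Too late for -T".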
        The operative phrasing I missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.