in reply to Re: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

$thumbName is constructed in the code. Because of that, I thought it didn't need extra sanitizing.

I'll test it w/ Scalar::Util to ensure that's the tainted part ...

Re^3: PerlTaintCheck and configuration for secure paths
by shmem (Chancellor) on Jun 22, 2006 at 17:51 UTC
    If $thumbName was constructed with any variable whatsoever that is tainted and not sanitized, it becomes tainted as well.

    In perlsec there is a snippet of code:

    # A tainted string is refused by eval-STRING under -T, so the outer eval fails and the sub returns true.
    sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
    --shmem
      The operative phrasing I missed: *not sanitized* ... After re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.
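To make shmem's point concrete, here is an added example (not code from the thread) showing that a "constructed" $thumbName inherits taint from any tainted piece it is built from, that the perlsec is_tainted check and Scalar::Util::tainted agree on it, and how a regex capture against a whitelist is what actually untaints it. The directory, the input value and the untaint_thumb_name helper are assumptions for the demo.

```perl
#!/usr/bin/perl -T
# Added example, not from the thread. Run as: perl -T this_script.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec's check: eval-STRING refuses tainted data under -T, so the
# outer eval block fails and the sub returns true for a tainted argument.
sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }

$ENV{PATH} = '/bin:/usr/bin';   # child processes need a clean PATH under -T

# Constructed stand-in for a CGI parameter: under -T every %ENV value is
# tainted, and taint survives even a zero-length substr, so this literal
# becomes tainted without needing real external input.
my $user_supplied = 'photo1' . substr($ENV{PATH}, 0, 0);

my $thumbDir  = '/var/www/thumbs';                 # assumed location
my $thumbName = "$thumbDir/$user_supplied.jpg";    # "constructed", yet tainted

printf "thumbName tainted (Scalar::Util): %d\n", tainted($thumbName) ? 1 : 0;   # 1
printf "thumbName tainted (perlsec):      %d\n", is_tainted($thumbName) ? 1 : 0; # 1

# Untainting = extracting only the shape you accept. The capture $1 is
# untainted even though the string it came from was not, so the pattern
# must be the whitelist: fixed directory, safe filename chars, fixed suffix.
sub untaint_thumb_name {
    my ($candidate) = @_;
    my ($safe) = $candidate =~ m{^(\Q$thumbDir\E/[A-Za-z0-9_-]+\.jpg)\z}
        or die "refusing thumbnail path: $candidate\n";
    return $safe;
}

my $safe_name = untaint_thumb_name($thumbName);
printf "safe_name tainted:                %d\n", tainted($safe_name) ? 1 : 0;    # 0
# $safe_name may now be used in open(), unlink(), system() etc. under -T

# A value that escapes the directory never matches the whitelist, so it is
# rejected here instead of reaching a filesystem call.
my $escaped = "$thumbDir/../secret.jpg" . substr($ENV{PATH}, 0, 0);
eval { untaint_thumb_name($escaped) };
print "rejected: $@" if $@;
```

Note that `Scalar::Util::tainted` only reports taint when the interpreter was started with `-T`; without it every value reads as clean and the whole check is meaningless.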