in reply to Re^2: Having trouble creating a text file
in thread Having trouble creating a text file

Just a few words of warning then; if data submitted via a web form is dictating a portion of the filename, you could have a security vulnerability, and the fact that you've subverted taint-checking on $filename doesn't necessarily mean it's safe. Tread carefully in these waters.


Dave


Re^4: Having trouble creating a text file
by greymoose (Beadle) on May 08, 2007 at 05:47 UTC
    Thanks for the advice. The files that are created are articles for a community newspaper's website. Everything in them is public domain and they are non-executable text files.
    Only the site itself will need to access them once they are created and only staff at the newspaper will be able to create them. I don't think there is much of a security risk involved in this instance. (I've been wrong before though.)

      What if someone hands you a filename that clobbers another file?

      Also, as I mentioned before, please use the 3-arg version of open instead of the 2-arg version. There are additional safety implications there too.


      Dave
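
An added example, not code from any poster in this thread, showing one way to address both warnings above: the form-supplied name is untainted only through a strict allow-list pattern, and the file is created with the mode passed separately from the name and with `O_EXCL`, so an existing file is never clobbered. The directory `/var/www/articles`, the `.txt` suffix, the 64-character limit and the function names are assumptions made for illustration.

```perl
# Run under taint mode: perl -T create_article.pl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;

# Assumption: articles live in one fixed directory chosen by the site,
# never by the form. Hypothetical path.
my $ARTICLE_DIR = '/var/www/articles';

# Turn a form-supplied name into a safe file name, or return undef.
sub safe_article_name {
    my ($raw) = @_;
    return unless defined $raw;
    # Allow-list: letters, digits, underscore, hyphen; 1 to 64 characters.
    # Dots, slashes, pipes, angle brackets, spaces and NUL cannot match, so
    # such names are rejected outright rather than "cleaned up".
    return unless $raw =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return "$1.txt";   # $1 is untainted because the pattern proves its shape
}

# Create the article; refuse to overwrite anything that already exists.
sub create_article {
    my ($raw_name, $text) = @_;
    my $name = safe_article_name($raw_name)
        or return (0, 'rejected file name');
    my $path = File::Spec->catfile($ARTICLE_DIR, $name);

    # The mode is a separate argument (as with 3-arg open), so nothing in the
    # name can change how the file is opened. O_EXCL makes creation fail if
    # the path already exists.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or return (0, "cannot create $name: $!");
    print {$fh} $text or return (0, "write failed: $!");
    close($fh)        or return (0, "close failed: $!");
    return (1, $path);
}

# Constructed sample inputs: one acceptable name, three that must be refused.
for my $candidate ('council-meeting-2007', '../index', 'news|', '>front-page') {
    my ($ok, $msg) = create_article($candidate, "article body\n");
    printf "%-24s %s\n", $candidate, $ok ? "created $msg" : "refused: $msg";
}
```

Running it a second time refuses `council-meeting-2007` as well, because the file now exists.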