in reply to Taint and get params

It should be tainted.

Are you sure you're not untainting somehow (e.g. with a regex)? Can you present a small CGI program which demonstrates the problem?

Clint

Re^2: Taint and get params
by jatill (Beadle) on Aug 22, 2007 at 19:45 UTC
    Deep within a module I am using I found this code lurking:

        # Untaint all ENV variables
        foreach ( keys %ENV ) {
            $ENV{$_} =~ m/(.*)/;
            $ENV{$_} = $1;
        }

    So it looks like I'm untainting QUERY_STRING, which would be my problem. Thanks for your help pointing me in the right direction.
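The effect described in this thread, as an added example that is not part of the original posts: under `-T`, the module's `(.*)` loop clears the taint flag on QUERY_STRING without checking anything, while an allowlist pattern untaints only a value that matches. The `id` parameter, the `checked_id` and `flag` helpers, the sample query strings and the file name are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run with: perl -T taint_demo.pl   (file name is an assumption)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints a literal without changing it.
my $TAINT = substr("$0$^X", 0, 0);

# Allowlist untaint: only a short run of digits in the "id" parameter is accepted.
sub checked_id {
    my ($query) = @_;
    return $query =~ /(?:^|[&;])id=(\d{1,9})(?:[&;]|$)/ ? $1 : undef;
}

sub flag { return tainted($_[0]) ? 'tainted' : 'clean' }

# Constructed query strings standing in for what the web server would set.
for my $qs ('id=42&sort=asc', 'id=42abc&sort=asc') {
    $ENV{QUERY_STRING} = $qs . $TAINT;
    print "QUERY_STRING=$qs\n";
    print "  on arrival:          ", flag($ENV{QUERY_STRING}), "\n";

    my $id = checked_id($ENV{QUERY_STRING});
    print "  checked id:          ",
        defined $id ? "$id (" . flag($id) . ")" : "rejected", "\n";

    # The loop from the module: (.*) matches anything, so nothing is validated.
    foreach ( keys %ENV ) {
        $ENV{$_} =~ m/(.*)/;
        $ENV{$_} = $1;
    }
    print "  after blanket loop:  ", flag($ENV{QUERY_STRING}), "\n";
}
```

To find where a value loses its taint in a larger program, call `Scalar::Util::tainted` on it at successive points, starting right after the modules are loaded.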