Re^2: HTML Form and Perl

Well... i am about 75 and new to perl..so maybe i am confused :) BUT... when i hardcoded the perl script with the cd and unzip (as shown) and specified text not a variable... and executed the script by itself...it sure went to the right directory and unzipped the file...so...i just wanted to enhance that with a variable... It may have something to do with taint then...cause it only would not work with the variable... i will try your idea and see if that works. OLD MAN trying to learn :)

Comment on Re^2: HTML Form and Perl

Replies are listed 'Best First'.
Re^3: HTML Form and Perl by workman_m (Initiate) on May 07, 2008 at 19:32 UTC
well unless i missed something... this code as suggested...ran...but did not do anything or produce any errors that i could find. plus when i try to print it...nothing prints... here is what i have coded. `#!/usr/bin/perl -T print "Content-type: text/plain\n\n"; use CGI; my $query = new CGI; my $dir = $query->param('dir'); my $zip = $query->param('zip'); die "invalid dir" unless ($dir =~ m/^([a-zA-Z0-9]+)\z/); my $valid_dir = $1; # $valid_dir is untainted die "invalid zip file" unless ($zip =~ m/^([a-zA-Z0-9]+)\z/); my $valid_zip = $1; chdir($valid_dir) && system("unzip", $valid_zip); print $valid_dir; print $valid_zip;` [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re^3: HTML Form and Perl
by workman_m (Initiate) on May 07, 2008 at 19:32 UTC

#!/usr/bin/perl -T
print "Content-type: text/plain\n\n";
use CGI;
my $query = new CGI;
my $dir = $query->param('dir');
my $zip = $query->param('zip');

die "invalid dir" unless ($dir =~ m/^([a-zA-Z0-9]+)\z/);
my $valid_dir = $1;  # $valid_dir is untainted
die "invalid zip file" unless ($zip =~ m/^([a-zA-Z0-9]+)\z/);
my $valid_zip = $1;

chdir($valid_dir) && system("unzip", $valid_zip);

print $valid_dir;
print $valid_zip;
[download]

[reply]
[d/l]