in reply to Re: Why aren't these equivalent?
in thread Why aren't these equivalent?

You are correct, tilly. I turned off taint checking and now the parameter passing method works. I'll have to look into this a little deeper, since taint checking seems to be something I want to have active.

Thank you all for your quick responses!

Re^3: Why aren't these equivalent?
by massa (Hermit) on Jul 12, 2008 at 09:11 UTC
    PLEASE COME BACK HERE. Don't, please, run CGIs without -T. As holli said below, someone will pass you "/etc/passwd" as a parameter and you will be hosed. You can unlink the file, IIRC, if you check it against a regex, like this:
    unlink $1 if $fileName =~ /^(\.\.\/\.\.\/20\d{6}\.txt)$/;
    _without_ having to run it insecurely. As a plus, it will only remove the remove-able files.
    []s, HTH, Massa
      Thank you for the advice, massa. I'm using the strict pattern matching that you suggested, modified for my specific application. There are other measures that would have to be defeated before someone could access this page, but I'll keep the taint checking too!

      It was very kind and generous of holli to offer to hack my site, but not necessary, thanks.
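The regex-capture untainting that massa describes, written out as a runnable script. This is an added example and not code from the thread; the report-directory layout, the file-name pattern (YYYYMMDD.txt) and the helper names are assumptions. It runs under -T, uses a temporary directory so it only ever deletes its own files, and feeds the check a few constructed parameter values, including the "/etc/passwd" case holli warned about.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as: perl -T untaint_unlink.pl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Scalar::Util qw(tainted);

# Assumed layout: report files live in one fixed base directory and the
# CGI parameter carries only the bare file name. Rooting the name in a
# known directory is stricter than accepting "../../" in the pattern.
sub untaint_report_name {
    my ($name) = @_;
    # Taint mode treats only the regex capture group as clean. The anchors
    # ^ and \z reject "../", "/etc/passwd" and a trailing newline (a plain $
    # anchor would let "20080712.txt\n" through).
    return $name =~ m{^(20\d{6}\.txt)\z} ? $1 : undef;
}

# Validate, untaint and delete; returns a short status string.
sub delete_report {
    my ($base_dir, $param) = @_;
    my $clean = untaint_report_name($param);
    return "rejected" unless defined $clean;
    my $path = File::Spec->catfile($base_dir, $clean);
    return "missing: $clean" unless -e $path;
    unlink $path or return "unlink failed: $!";
    return "deleted: $clean";
}

# --- demo with constructed input ---
# Sandbox directory with one legitimate report in it.
my $base = tempdir(CLEANUP => 1);
open my $fh, '>', File::Spec->catfile($base, '20080712.txt') or die $!;
close $fh;

# Real CGI parameters arrive tainted; anything derived from %ENV carries the
# taint flag, so an empty substring of $ENV{PATH} taints our sample values.
my $taint  = substr($ENV{PATH} // '', 0, 0);
my @params = map { $_ . $taint } (
    '20080712.txt',          # legitimate report name
    '/etc/passwd',           # the value holli warned about
    '../../20080712.txt',    # path traversal
    "20080712.txt\n",        # trailing newline
);

for my $p (@params) {
    (my $shown = $p) =~ s/\n/\\n/g;
    my $clean = untaint_report_name($p);
    printf "%-22s tainted=%d -> %s\n", "'$shown'",
        tainted($p) ? 1 : 0,
        defined $clean
            ? sprintf("clean '%s' (tainted=%d)", $clean, tainted($clean) ? 1 : 0)
            : 'rejected';
    print "  ", delete_report($base, $p), "\n";
}
```

With -T on, the untainted copy comes only from the capture group, so unlink is allowed on the cleaned name while every rejected value never reaches the filesystem at all. Keeping the directory fixed in the script rather than in the parameter means a matching name can only ever remove a file from the report directory.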