Thanks for your suggestions Joost. I had already tried the die "......$!" before I posted my original message. It didn't help because I'm testing this on a web server, through a browser, and the page I'm generating just terminates at the point of error without reporting the error. I also don't seem to have access to the error_log on this particular (institutional) server.
Tilly (see below) hit on the cause of the problem. Just to follow up on your suggestion, I ran the script from a command line and got another confirmation that it was the taint checking:
Insecure dependency in unlink while running with -T switch at ./de
+lete.cgi line 43.
Thanks again.
| [reply]
[d/l] |
four points:
I had already tried the die "......$!" before I posted my original message.
please tell so if you're posting a question, so others don't
make suggestions which are useless.
It didn't help because I'm testing this on a web server, through a browser, and the page I'm generating just terminates at the point of error without reporting the error.
this is because of the die(). if you can't see the errorlog (see below), then don't die, but just *print* the message. in either
case, the message in $! *is* useful.
I also don't seem to have access to the error_log on this particular (institutional) server.
that's always bad. how do you want to develop if you can't
see the errorlog? your best bet here is
use CGI::Carp qw/ fatalsToBrowser /;
you will get all runtime errors in the browser then. (and
only activate that line when you're developing, so users
don't see any detailed error messages that are meant to only be seen by you)
and as others have said, *please* check the
filename, otherwise anybody can delete any file on your
system which you (the webserver) has write access to.
| [reply]
[d/l] |