ZZamboni wrote:

I'm not sure if data read from readdir() is considered tainted or not, but you should check everything.

Your advice about checking everything is good. I just wanted to mention that the list of directory names from readdir is will result in tainted data. Perl assumes that everything from outside of the program is tainted, even directory names that have been read in.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.