in reply to exec command taking ages

You will also want to untaint $identifier

Replies are listed 'Best First'.
Re^2: exec command taking ages
by pmcilfatrick (Initiate) on Nov 24, 2010 at 14:36 UTC

    I am not sure if I need to use taint as this is an internal company webpage.

    Also, the $identifier variable holds the directory that the user selected from a list on an intial webpage and the variable is passed to another .cgi script before finally being passed to this .cgi script so I am not sure how taint would help.

    Paul McIlfatrick

[reply]
      Also, the $identifier variable holds the directory that the user selected from a list on an intial webpage and the variable is passed to another .cgi script before finally being passed to this .cgi script so I am not sure how taint would help.

      Thats what you hope $identifier holds. The program does absolutely no checking to see what is in $identifier, and then merrily passes $identifier to the shell for execution, classic security hole.

[reply]

In Section Seekers of Perl Wisdom