in reply to Insecure dependency message ?

It sounds like taint mode doesn't like $base_dir. That could mean the variable is tainted, or perhaps that it is a relative path and $ENV{PWD} is.

Btw, you can save trouble with your time formatting by calling POSIX::strftime($format, localtime).

After Compline,
Zaxo

Re: Re: Insecure dependency message ?
by peterr (Scribe) on Jan 06, 2004 at 04:14 UTC
    It sounds like taint mode doesn't like $base_dir. That could mean the variable is tainted, or perhaps that it is a relative path and $ENV{PWD} is.

    Here is where $base_dir is defined

    #!/usr/bin/perl -wT
    use CGI qw/:standard/;
    use DBI;
    use Net::SMTP;
    #use CGI::Carp qw(fatalsToBrowser); #comment this out when in production
    BEGIN {
        use CGI::Carp qw(carpout);
        open(LOG, ">>/home/username/cgi-bin/process-log")
            or die("Unable to open process-log: $!\n");
        carpout(LOG);
    }

    # resource limits
    $CGI::DISABLE_UPLOADS = 1;   # no uploads
    $CGI::POST_MAX = 1024 * 10;  # max 10K posts

    # settings
    $base_dir = '/home/username/.orders';

    Btw, you can save trouble with your time formatting by calling POSIX::strftime($format, localtime).

    Okay, thanks, no doubt I can just place it where the current timestamps are evaluated.

    Peter
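
An added example, not code from either poster: one way to find out which value taint mode is objecting to, and to untaint outside input before it is joined to $base_dir. The order id argument, its pattern and the file name layout are assumptions made for the illustration; run it as `perl -T script.pl ORDER123`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);
use POSIX qw(strftime);

# Taint mode also inspects the environment before any external command runs.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $base_dir = '/home/username/.orders';            # literal from the post: not tainted
my $order_id = defined $ARGV[0] ? $ARGV[0] : '';    # hypothetical outside input: tainted

# Show which values Perl would refuse to use in open(), mkdir(), unlink(), ...
for my $pair ([base_dir => $base_dir], [order_id => $order_id], [PWD => $ENV{PWD}]) {
    my ($name, $value) = @$pair;
    printf "%-8s %s\n", $name, tainted($value) ? 'TAINTED' : 'clean';
}

# Untaint by capturing only the characters an order id may contain.
# The allowed pattern is an assumption for this example.
my ($safe_id) = $order_id =~ /\A([A-Za-z0-9_-]{1,32})\z/
    or die "Rejected order id\n";

# strftime builds the timestamp in one call, as suggested in the thread.
my $stamp = strftime('%Y%m%d-%H%M%S', localtime);
my $file  = "$base_dir/$safe_id-$stamp.txt";

print "Would write to $file (", tainted($file) ? 'TAINTED' : 'clean', ")\n";
```

Any expression that includes a tainted value is itself tainted, so checking each component with tainted() narrows down which one triggers the "Insecure dependency" message.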