There are already several very good posts on this topic. Even some pointing out that you should be using taint checking and sanitizing your data. In addition to that, authorizing access of this nature is extremely important. I thought I might help by adding why this is so important.

If I were a mean person (not saying I'm not) but for the moment let's say I'm intent on causing trouble. Let's say I submit my assignment not as Laura but as Bob. I don't like Bob much, he sits next to me in class and breathes with his mouth open. So I decide to call my output file .bash_rc or .bash_profile. Even with a path appended to the string I can just make my file name ../../../.bash_rc or whatever it takes to get down to the home dir. Then I make the body of my assignment "rm -rf . > /dev/null &". As you can see, Bob is going to have a "Very Bad Day{TM}" on his next login.

Now while your code doesn't allow this in its current form, something workable probably would allow something similar. I'm just trying to illustrate how many security holes you open up when you allow code to run that's dependent on HTML form fields. If he had to go through some sort of authorization it would lessen the chances of Laura getting even with evil mouth breathers on the system.

I hope this puts some fear into you. Oh, and I do speak from experience: I used to be the only Unix Admin for a Computer Science department with 600 active accounts each quarter.

In reply to Re: Using Variables in Path Names by Dogma
in thread Using Variables in Path Names by lfindle
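
The checks the post argues for, as an added example that is not part of the original post or thread: the target directory is derived from the authenticated user rather than a form field, and the submitted file name is allow-listed before any path is built. The helper name `safe_output_path`, the one-directory-per-user layout and the sample file names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: build the path for a submitted file, or return undef.
# $auth_user must come from the authenticated session (for CGI behind HTTP
# auth, $ENV{REMOTE_USER}), never from a form field.
sub safe_output_path {
    my ($base_dir, $auth_user, $form_name) = @_;
    return unless defined $auth_user && defined $form_name;

    # Allow-list both values; the captures are what untaint them under -T.
    my ($user) = $auth_user =~ /\A([a-z][a-z0-9_]{0,31})\z/ or return;
    # No slashes and no leading dot: rejects ../ chains and dotfile names.
    my ($name) = $form_name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ or return;

    my $root = realpath($base_dir);
    my $dir  = File::Spec->catdir($root, $user);
    return unless -d $dir;

    # Resolve symlinks and confirm the directory is still under the base.
    my $real = realpath($dir);
    return unless defined $real && index($real, "$root/") == 0;

    my $path = File::Spec->catfile($real, $name);
    return if -l $path;    # do not write through a planted symlink
    return $path;
}

# Constructed demo: a temporary base directory with one user, "laura".
my $base = tempdir(CLEANUP => 1);
my $home = File::Spec->catdir($base, 'laura');
mkdir $home or die "mkdir: $!";

for my $name ('hw1.txt', '../../../.bash_rc', '.bash_profile', 'sub/hw1.txt') {
    my $path = safe_output_path($base, 'laura', $name);
    printf "%-20s %s\n", $name, defined $path ? "accepted: $path" : 'rejected';
}
```

Because the directory comes from the session identity, a submission made while logged in as Laura can only land in Laura's directory, whatever name the form carries.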
