in reply to Re: File Upload To Selected Directory
in thread File Upload To Selected Directory

Oh there are more, lots more. For instance if you just do:
open (FILE, $file) or die "Cannot read $file: $!";
someone can pass a string that turns into a system command. You won't ever catch all of the possible nasties (fun stuff can be done with \0 for instance) which is why you need to make a list of what you explicitly permit and only pass that, rather than plugging the holes individually as you learn them.
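
An added example, not part of the original post or thread: one way to apply the "list of what you explicitly permit" advice to an upload target in Perl, together with a three-argument open so that the name is never parsed for a mode or pipe. The directory keys, the paths under /var/uploads, the 64-character limit and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist of upload directories (assumed paths, not from the post).
my %ALLOWED_DIR = (
    images => '/var/uploads/images',
    docs   => '/var/uploads/docs',
);

# Return a full path only when both parts match what is explicitly permitted;
# return nothing (undef in scalar context) for everything else.
sub safe_upload_path {
    my ($dir_key, $name) = @_;
    return unless defined $dir_key && defined $name;

    # The directory is looked up in the list, never built from user input.
    my $dir = $ALLOWED_DIR{$dir_key};
    return unless defined $dir;

    # Permit only a leading alphanumeric followed by alphanumerics, '_', '-'
    # or '.', 64 characters at most. \A and \z anchor the whole string, so a
    # trailing newline, an embedded \0, a slash or a pipe all fail the match.
    return unless $name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/;
    return "$dir/$1";
}

# Write the upload. Three-argument open keeps the mode separate from the
# name, so nothing in $path can be read as a pipe or a redirection.
sub save_upload {
    my ($dir_key, $name, $data) = @_;
    my $path = safe_upload_path($dir_key, $name)
        or die "Upload target not permitted\n";
    open(my $fh, '>', $path) or die "Cannot write $path: $!";
    binmode $fh;
    print {$fh} $data;
    close($fh) or die "Cannot close $path: $!";
    return $path;
}

# Constructed sample inputs: only the first one is accepted.
for my $name ('report.txt', '../secret', "a.txt\0.gif", '| echo hi', 'x.txt ') {
    my $path = safe_upload_path('docs', $name);
    (my $shown = $name) =~ s/\0/\\0/g;    # make the NUL byte visible
    printf "%-14s => %s\n", "'$shown'", defined $path ? $path : 'REJECTED';
}
```

Anything the pattern does not describe is rejected without the code needing to know why it is dangerous, which is the point of listing what is permitted.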

RE: RE (tilly) 2: File Upload To Selected Directory
by swiftone (Curate) on Sep 26, 2000 at 21:08 UTC
    you need to make a list of what you explicitly permit and only pass that,

    There is no way to say it better than that, so I'm just replying to draw extra attention to it. tilly++