develooper Front page | perl.beginners | Postings from March 2002

Understanding untaint

Tom Ransom
March 29, 2002 14:23
Understanding untaint
I need help debugging/understanding how this piece of code is 
working. I have checked values going into and within "cl" and it 
operates as expected. Where does the "%+" come from?


results in "%+/www/htdocs/templates/main.htm"

     # match the untainted result against /(.+)/ so that $1 holds the whole path
     &cl("$DataDir$template_directory$template_name") =~ /(.+)/;
     my $temp_file = $1;           #keeps nasties from manipulating browser window


sub cl {                                  #untaints for safe open/system calls
     $ENV{'PATH'} = '';
     my $path = shift(@_);
     $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g;     #remove metas
     $path =~ s/\.+/./g;           #collapse runs of dots so ".." becomes "." (the ../ exploit)
     return $path;
}


Tom Ransom
After all, it just takes one BIG idea to make your marketing
program stand out in the crowd.
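Added example, not code from the post or the thread: the posted denylist filter placed beside an allowlist-style untaint of the same template path, run over constructed inputs. The base directory, the sample names and the cl_allowlist helper are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Denylist filter as posted: strip shell metacharacters, then collapse
# runs of dots so ".." becomes "." before the path reaches open().
sub cl_denylist {
    my $path = shift;
    $path =~ s/[\^\~\\;<>\*\|`&\$!#\(\)\[\]\{\}'"\s]//g;
    $path =~ s/\.+/./g;
    return $path;
}

# Allowlist untaint (hypothetical helper): keep only characters a template
# name may contain, refuse absolute paths and parent-directory segments, and
# return undef for anything else. Under "perl -T" the capture in the list
# assignment is what actually clears the taint flag on the result.
sub cl_allowlist {
    my ($dir, $name) = @_;
    return undef unless defined $name;
    return undef if $name =~ m{^/};                  # absolute path
    return undef if $name =~ m{(?:^|/)\.\.(?:/|$)};  # ".." segment
    my ($safe) = $name =~ m{^([A-Za-z0-9_][A-Za-z0-9_./-]*\.htm)$} or return undef;
    return "$dir/$safe";
}

# Constructed sample inputs (not from the post).
my $base  = '/www/htdocs/templates';
my @names = (
    'main.htm',             # the normal case
    '../../../etc/passwd',  # denylist collapses ".." to "." and keeps it under $base
    'main.htm;rm -rf ~',    # denylist strips ";", "~" and the space, leaving a mangled name
    "main.htm\x00.txt",     # NUL is not in the denylist, so it survives that filter
);

for my $name (@names) {
    my $deny  = cl_denylist("$base/$name");
    my $allow = cl_allowlist($base, $name);
    (my $shown = $name) =~ s/\0/\\0/g;   # make the NUL visible in the report
    printf "%-22s denylist: %-44s allowlist: %s\n",
        $shown, $deny, defined $allow ? $allow : '(rejected)';
}
```

Only the first name passes the allowlist; the other three are rejected outright instead of being rewritten into a path that still reaches open().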
