
Scalars within the open() command?

Status
Not open for further replies.

ScoobyDood

Programmer
Jun 10, 2002
15
US
I'm trying to make a script that allows users to create a new page in my directory. When I test it, it says something like 'Insecure dependency on open()'. I might have to chmod it, but I'm using Windows 98 for most of my work (although I do have a computer with Linux). Here is the script (in part):

#Start script

$name=$cgiobject->param("name");

#Some other scalars...

open (NEW ">$name.html") || die "$!";

#Print some stuff...
#End script

What's the problem?

Computers - Can't live with 'em, can't live without 'em! Check this out:

 
You probably have taint mode on. Either remove the -T from the command line, or use a regular expression on the data to make sure it's not an invalid file name.
 
My perl interpreter on both Linux and Win32 complains about the missing comma in your open statement.

open (NEW, ">$name.html") or die "$!";
______________________________________________________________________
Perfection in engineering does not happen when there is nothing more to add.
Rather it happens when there is nothing more to take away.
 
You do have a command line - it's the MS-DOS prompt.

But actually, I meant the shebang line. You probably have something like
Code:
#!/Perl/bin/Perl
- that's what mine looks like anyway. Does yours look something like this?

Code:
#!/Perl/bin/Perl -T

If so, it means that you have to untaint any variables supplied by the user that are going to be used for potentially dangerous operations - like creating/overwriting a file. Remove the -T and it should work. Alternatively, if you want taint mode on, then you have to make a regular expression that makes sure it's a valid filename. Here's an example that will untaint ANYTHING, regardless of whether it is acceptable data or not. I don't recommend you use this, but it'll give you an example.
Code:
sub untaint {
  my $tainted = shift;
  # Matches every character (/s lets . match newlines too), so nothing is rejected
  $tainted =~ /(.+)/s;
  return $1;
}

my $untainted = untaint($tainted);
open FILE,">$untainted.html" or die "$!";
Replace that all-encompassing regexp with one that fits your data.
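
One stricter replacement for the all-encompassing regexp, as an added example that is not part of the original thread. The function names `untaint_page_name` and `create_page`, the allowed character set and the 64-character limit are assumptions, and the sample names are constructed literals standing in for the CGI parameter.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Allowlist for page names (assumed policy): starts with a letter or digit,
# then letters, digits, "_" or "-", 64 characters at most. Dots, slashes and
# whitespace cannot match. \A and \z anchor the whole string ("$" would
# also accept a trailing newline).
sub untaint_page_name {
    my ($raw) = @_;
    return unless defined $raw;
    if ($raw =~ /\A([A-Za-z0-9][A-Za-z0-9_-]{0,63})\z/) {
        return $1;    # the captured text is what taint mode treats as clean
    }
    return;           # reject instead of passing the value through
}

# Create "$dir/$name.html" only if the name passes the allowlist.
# Three-argument open keeps the mode separate from the path.
sub create_page {
    my ($dir, $raw) = @_;
    my $name = untaint_page_name($raw);
    return unless defined $name;
    my $path = "$dir/$name.html";
    open(my $fh, '>', $path) or die "Cannot create $path: $!";
    print {$fh} "<html><body>$name</body></html>\n";
    close($fh) or die "Cannot close $path: $!";
    return $path;
}

# Constructed sample inputs standing in for $cgiobject->param("name").
my $dir = tempdir(CLEANUP => 1);
for my $raw ('news', 'my-page_2', 'dir/page', 'a.b', "page\n", '') {
    (my $shown = $raw) =~ s/\n/\\n/g;
    my $path = create_page($dir, $raw);
    printf "%-12s %s\n", "'$shown'", defined $path ? "created $path" : 'rejected';
}
```

Only the first two sample names are created; the rest are rejected before `open` is reached.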
 