Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Too many if statements!! 3

Status
Not open for further replies.
noshankus

noshankus

Programmer
Mar 31, 2003
3
DE
Hello,

I basically want to store files in a folder, depending on the user name: $user, and called $date.txt.
It was no problem creating them. The only problem is that I can't do something like this:

if (blah = true) {$file = /$user/$date.txt;}
And then later save to $file.

Anytime I try this, I get the following error message:
Insecure dependency in open while running setgid at save_patch_file.pl line 111

I can get around it by doing something like:

if (blah = true && $user = foobar){$file = /foobar/$date.txt;}

But since I already have that blah = true (actually has 4 possibilities), and there will be up to 25 users, that means that I'll have to write 100 if statements if I can't use a damn variable as a folder name with another variable as the file name! :)

I hope you can follow my ramblings!
Thanks for the help and hints as always.
Best regards,
 
Sort by date Sort by votes
Now I'm at the stage where I want to do something like this:

if (! -d $user){
mkdir($user, 777) }

But I still get an error message like this:
Insecure dependency in mkdir while running setgid at save_patch_file.pl line 22

Any help much appreciated!
 
Upvote 0 Downvote
It sounds like you are running your script in taint mode (-T) and that $user is tainted. You will have to untaint $user before passing it to any system calls.

jaa
 
Upvote 0 Downvote
Have you tried
if (blah = true) {$file = "/$user/$date.txt";}

and
if (! -d "$user"){

Note the quotes, which don't appear in your example.
I tried using -d in a one-liner from the command prompt
and it did not work without the quotes; with quotes it
did. I suspect you also need quotes in the first case.
You are assigning a string to a variable, after
all.

Hope this helps.

 
Upvote 0 Downvote
You need to untaint your variable, either "$user" or "$date". At least one of them is comming from an environment which is not under the control of this script.
Dirty fix is to get rid of "-T" switch (not recommended).
Recomended fix is to use regex to reassign the value to the variable. refere to "perldoc perlsec" for more details.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

audiopro
  • Locked
  • Question
Too Many Connections
Replies
6
Views
228
1DMF
1DMF
MoshiachNow
  • Locked
  • Question
Windows - executable script will stop running if a remote Window is minimized
Replies
1
Views
245
hosehead78
hosehead78
brittany1
  • Locked
  • Question
Comparing 3 vars if defined.
Replies
5
Views
318
MillerH
MillerH
stevio
  • Locked
  • Question
Find if Hash Value exists in Hash of Arrays
Replies
4
Views
616
Zhris
Zhris
MrCBofBCinTX
  • Locked
  • Question
unless eq versus if ne 1
Replies
2
Views
257
MrCBofBCinTX
MrCBofBCinTX

Part and Inventory Search

Sponsor

Back
Top