in reply to Accessing %ENV directly in script
Just a minor note: Bad people often insert ".." into URLs, sometimes encoded, sometimes plain. See http://en.wikipedia.org/wiki/Directory_traversal_attack. As long as you use @paths just as a way to pass parameters to your script, this may be harmless. But as soon as you construct a filename from @paths and a prefix, those bad people may gain access to files that were not meant to be accessible via the web. Also consider replacing backslashes with forward slashes (some people simply can't see a difference between them) (tr|\\|/|) and collapsing multiple slashes to single slashes (s|/+|/|g) before splitting.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
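
The normalisation and ".." check described in the post above, as an added example that is not part of Alexander's post. The helper name `safe_segments`, the character allow-list, the refusal of double-encoded input and the `/var/www/data` prefix are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (name and policy are assumptions of this example):
# turn a PATH_INFO-style string into a list of safe path segments.
# Returns an empty list if the input is unusable or looks like traversal.
sub safe_segments {
    my ($raw) = @_;
    return unless defined $raw;

    # Decode percent-escapes once, so "%2e%2e" is seen as "..".
    (my $path = $raw) =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return if $path =~ /%[0-9A-Fa-f]{2}/;   # still encoded: double encoding, refuse
    return if $path =~ /\0/;                # NUL bytes can truncate filenames

    $path =~ tr|\\|/|;                      # backslashes to forward slashes
    $path =~ s|/+|/|g;                      # collapse runs of slashes

    my @segments = grep { length } split m|/|, $path;
    for my $seg (@segments) {
        return if $seg eq '..' or $seg eq '.';        # traversal or no-op segment
        return unless $seg =~ /\A[A-Za-z0-9_.-]+\z/;  # allow-list of characters
    }
    return @segments;
}

# Constructed sample inputs, not taken from any real log.
my @samples = (
    '/reports/2013/summary.txt',
    '/reports/../../etc/passwd',
    '/reports/%2e%2e/%2e%2e/etc/passwd',
    '/reports\\..\\..\\boot.ini',
    '/reports//2013///summary.txt',
    '/reports/%252e%252e/secret',
);

my $prefix = '/var/www/data';    # assumed prefix for this example
for my $in (@samples) {
    my @seg = safe_segments($in);
    printf "%-40s => %s\n", $in,
        @seg ? join('/', $prefix, @seg) : 'REJECTED';
}
```

Only the first and fifth samples produce a filename under the prefix; the plain, encoded, backslash and double-encoded traversal attempts are all rejected before any filename is built.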
Re^2: Accessing %ENV directly in script
by bangor (Monk) on Dec 11, 2013 at 20:51 UTC |