http://qs321.pair.com?node_id=11117486


in reply to Re: Collapsing smaller scripts into a larger one, request for comment
in thread Collapsing smaller scripts into a larger one, request for comment

Thank you for bringing this to my attention. If I ever store passwords somewhere, I will make sure to keep them out of the $collections_dir. I would probably put them in some deep dark corner of my directory structure with a name that does not look anything like the word 'password' and use something more secure than a plain text file.

I could also add / and . to the encode entities to make sure that the string that the cgi param returns will not recurse. Adding those would make your string return the following.

../../../../../../../home/aleena/passwords

I will give that serious thought. Again, thank you.

Update: Forward slashes will be HTML encoded.

use HTML::Entities qw(encode_entities);
my $collection = $cgi->param('collection') ? encode_entities($cgi->param('collection'), '/<>"') : undef;

My OS is Debian 10 (Buster); my perl versions are 5.28.1 local and 5.8.8 on web host.

Version control is a non-issue, I do not use it.

No matter how hysterical I get, my problems are not time sensitive. So, relax, have a cookie, and a very nice day!
Lady Aleena
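The two approaches discussed in the post side by side, as an added example that is not Lady Aleena's code: the encode_entities() call with '/' added to the unsafe set, and a stricter allowlist check on the collection name. The $collections_dir value and the sample parameter values are assumptions made up for the illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the original post. Compares entity-encoding
# the 'collection' parameter (as in the post) with an allowlist check.
use strict;
use warnings;
use HTML::Entities qw(encode_entities);
use File::Spec;

my $collections_dir = '/home/aleena/collections';   # assumed location

# Constructed sample values standing in for $cgi->param('collection').
my @samples = (
    'movies',
    '../../../../../../../home/aleena/passwords',
    'a<b>"c',
);

# Same call as in the post: '/' is encoded alongside < > ".
# HTML::Entities has no named entity for '/', so it becomes &#x2F;
# and the value can no longer act as a path separator.
sub encoded_name {
    my ($raw) = @_;
    return encode_entities($raw, '/<>"');
}

# Stricter alternative: accept only a plain token (no '/', no '.', no
# whitespace) and build the path with File::Spec. Anything else is
# rejected rather than transformed, so traversal strings never reach
# the filesystem at all.
sub safe_collection_path {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A[A-Za-z0-9_-]+\z/;
    return File::Spec->catfile($collections_dir, $raw);
}

for my $raw (@samples) {
    printf "%-45s -> encoded: %s\n", $raw, encoded_name($raw);
    my $path = safe_collection_path($raw);
    print '   allowlist: ', (defined $path ? "accepted ($path)" : 'rejected'), "\n";
}
```

Encoding makes the traversal string harmless for use as a filename, but the allowlist version also rejects it outright, which is the easier property to reason about when the value ends up in a path.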