Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Controlling Inputted Paths in a CGI Script

by dmmiller2k (Chaplain)
on Oct 31, 2001 at 21:00 UTC ( [id://122372]=note: print w/replies, xml ) Need Help??


in reply to Controlling Inputted Paths in a CGI Script

I've done the obvious of obliterating any "..", but I know that there are many more ways to bypass this.

You could:

  1. Save the current directory
  2. chdir() to the directory in question
  3. get the new current directory
  4. chdir() back to the saved directory
  5. return the "new current directory" from step 3
solving at least one problem.

From that point, you may have to brute-force search the resulting pathname (e.g., split() on '/', examine each component, etc.)

Perhaps not that helpful ... sorry.

dmm


You can give a man a fish and feed him for a day ...
Or, you can teach him to fish and feed him for a lifetime
  • Comment on Re: Controlling Inputted Paths in a CGI Script

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://122372]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others about the Monastery: (5)
As of 2024-04-25 12:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found