PerlMonks
Re: running a perl program from a cgi webpage
by mephit (Scribe) on Jul 04, 2002 at 17:23 UTC ( [id://179504]=note )
I agree that there are security issues that need to be addressed here. One thing that I didn't see at that link that Joost mentioned here ('cause it's not really a CGI issue) is the use of system.
The OP is using the single-argument form, with part of that argument taken directly from the form input. Bad Idea. Use the multiple-argument form of system after validating the form input, that each variable contains only data that's expected:
This line looks hairy, as well: I don't know whether $ARGV[0] is tainted, but I'd validate it before opening, anyway.
HTH -- There are 10 kinds of people -- those that understand binary, and those that don't.
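
An added example (not code from the original post or from the OP's script) of the advice above: allow-list validation of each form value, the list form of system, and a validated filename passed to three-argument open. The form fields, patterns, and the helper command are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed form input; in a CGI script these values come from the request.
my %form = (
    report => 'weekly-2002_07',
    user   => 'alice; id',      # constructed hostile value with a shell metacharacter
);

# Allow-list check: the whole string must match the expected pattern.
# Returning the capture ($1) is also what untaints the value under perl -T.
sub validate {
    my ($value, $pattern) = @_;
    return undef unless defined $value;
    return $value =~ /\A($pattern)\z/ ? $1 : undef;
}

# Hypothetical helper program: the running perl, echoing its arguments.
my @helper = ($^X, '-e', 'print "helper got: [$_]\n" for @ARGV');

sub run_report {
    my (%in) = @_;
    my $report = validate($in{report}, qr/[A-Za-z0-9_-]{1,32}/);
    my $user   = validate($in{user},   qr/[a-z][a-z0-9]{0,15}/);
    return 'rejected' unless defined $report && defined $user;

    # Risky single-argument form, shown only for contrast (goes through the shell):
    #   system("helper $report $user");
    # List form: no shell, each element reaches the program as one argument.
    my $rc = system(@helper, $report, $user);
    return $rc == 0 ? 'ok' : 'failed';
}

# Validate a filename (such as $ARGV[0]) before opening it. No slashes are
# allowed, and three-argument open never reads a mode out of the name.
sub open_validated {
    my ($name) = @_;
    my $safe = validate($name, qr/[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}/);
    return undef unless defined $safe;
    open(my $fh, '<', $safe) or return undef;
    return $fh;
}

print run_report(%form), "\n";                    # hostile user value
print run_report(%form, user => 'alice'), "\n";   # expected input
print defined open_validated('| id') ? "opened\n" : "refused\n";
```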