http://qs321.pair.com?node_id=76754

I'm busy creating new functionality for a Web site and I was asked to look at a similar page on the site and "modify" its functionality to fit my needs. Aside from the potential for duplicate code (which I will have), I discovered that the core functionality that I needed to look at rested in the following subroutine. How many bugs, or potential security holes, can you find?

Note: I have changed some of the information to protect the customer in question, but I have not changed any of the bugs.

sub updateTiles { my $fto = $htmDir . 'tile.htm'; my $content = ''; open(HOME,$fto); while (<HOME>) { $content .= $_ } close(HOME); my $paramTemp,$contentTemp; my @sections = qw(Tile Pile Link); foreach $section (@sections) { $contentTemp = $query->param($section); if ($section eq 'Pile') { $contentTemp =~ s/[\n\r]/<p>/g; } if ($section eq 'Link') { $contentTemp = "<img src=\"images/en +ter.gif\" width=8 height=12><a href=\"cgi-bin/show.cgi?action=showTil +es&tileType=Search&searchFor=$contentTemp\">View this month's tiles.< +/a>" } $content =~ s/<!--$section-->(.*)/<!--$section-->$contentTemp/ +; } open(HOME,">$fto"); print HOME $content; close(HOME); my $image = $query->param('Image'); if ($image ne '') { my $newFile = fileUpload('Image',250000,1,'lat +est_image','JPEG','.jpg','.jpeg') } }

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.