PerlMonks
Danger Will Robinson!
Make jolly sure that you are checking the contents of param('file'). In particular, make sure that data.cgi?file=../../../../../../etc/passwd does not output bad things to the user. You may have done this already, or you may trust your authenticated users, but it never hurts to be careful... I have just been bitten in the ass by this, so I speak from bitter (in)experience!

dave hj~

In reply to Re: Creating dynamically named CGIs
by dash2
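
One way to check a `file` parameter before opening it, as an added example that is not part of the original post or the thread's code. The `safe_path` helper, the temporary data directory and the file-name allowlist are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: returns the resolved path when $name is a regular file
# directly inside $base_dir, or undef when the request must be refused.
sub safe_path {
    my ($base_dir, $name) = @_;
    return unless defined $name;
    # Allowlist a single file name: no separators, no leading dot, no NUL byte.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    my $base = realpath($base_dir);
    return unless defined $base;
    # realpath() follows symlinks, so a link that points outside the
    # directory resolves to its real target and fails the prefix check.
    my $full = realpath(File::Spec->catfile($base, $name));
    return unless defined $full && -f $full;
    return unless index($full, "$base/") == 0;
    return $full;
}

# Constructed demo data: one legitimate file and one escaping symlink.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/report.txt") or die "cannot create sample file: $!";
print {$fh} "ok\n";
close $fh;
symlink('/etc/passwd', "$dir/link.txt");

# Constructed request values, including the one quoted in the post above.
my @requests = (
    'report.txt',
    '../../../../../../etc/passwd',
    '/etc/passwd',
    "report.txt\0.html",
    'link.txt',
    'missing.txt',
);

for my $req (@requests) {
    (my $shown = $req) =~ s/\0/\\0/g;
    my $verdict = defined(safe_path($dir, $req)) ? 'served' : 'refused';
    printf "%-32s %s\n", $shown, $verdict;
}
```

Only `report.txt` is served; every other request is refused either by the allowlist or by the resolved-path check. In a CGI script the value passed as `$name` would come from `param('file')`.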