No such thing as a small change
PerlMonks
Ovid, thank you for doing something like this.. I wanted to, but I suppose I never had the courage to actually try it out.. It's going to help my awareness of any bad coding practices immensely..

Ok, first thing: you're not checking the return results of *any* file open call... not for reading and not for writing.. there should always be a "or die" handler for all the open calls

Umm.. a biggie, but I don't think you're untainting any of the file name variables or the param variables that you receive from the user... so a script kiddie style "rm -rf" hack is possible..

When you open a file for writing, you don't bother to lock (flock) it.. I've personally been bitten by a lot of flock issues when I do CGI, so I noticed this..

Your comparison (eq 'Link' || 'Pile') doesn't take into consideration a lower case submission ('link', 'pile' etc)

Well, that's all I can see for now... please do tell if I've concentrated on the smaller nitpicky issues and missed any big ones...

In reply to Re: How many bugs can *you* find
by tinman
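The four review points above (unchecked `open`, untainted user input used in file names, missing `flock`, and a case-sensitive type comparison) in their hardened form, as an added example that is not Ovid's script and not tinman's code. The CGI parameters `name` and `type`, the `$DATA_DIR` path and the record format are all assumptions made up for this illustration. It also shows why `$x eq 'Link' || 'Pile'` needs more than a case fix: in Perl that expression is always true, because the bare string `'Pile'` on the right of `||` is itself a true value, so the comparison never rejects anything.

```perl
#!/usr/bin/perl -T
# Hypothetical CGI handler (added example, not the script under review) showing
# checked open(), whitelist untainting, flock, and case-insensitive type matching.
# Runs under taint mode (-T), which makes Perl refuse to use raw param() values
# in file names until they have passed through a capturing regex.
use strict;
use warnings;
use CGI;
use Fcntl qw(:flock);

# Constructed data directory for the demo; a real script would configure this.
my $DATA_DIR = '/tmp/bugs_demo';
mkdir $DATA_DIR unless -d $DATA_DIR;

my $q = CGI->new;

# 1. Untaint a user-supplied value with a whitelist before it touches the
#    filesystem. Only the captured $1 is untainted; anything that does not
#    match (dots, slashes, shell metacharacters, empty input) is rejected.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return;
}

# 2. Normalise the type field so 'link', 'LINK' and 'Link' all compare equal,
#    and compare against each allowed value explicitly rather than with
#    "eq 'Link' || 'Pile'", which is always true.
sub parse_type {
    my ($raw) = @_;
    my $type = lc( $raw // '' );
    return $type if $type eq 'link' or $type eq 'pile';
    return;
}

# 3. Open for append with every return value checked, and hold an exclusive
#    lock while writing so concurrent CGI requests cannot interleave records.
sub append_record {
    my ($path, $record) = @_;
    open my $fh, '>>', $path or die "Cannot open $path for append: $!";
    flock $fh, LOCK_EX       or die "Cannot lock $path: $!";
    print {$fh} "$record\n"  or die "Write to $path failed: $!";
    close $fh                or die "Close of $path failed: $!";   # releases the lock
    return 1;
}

# 4. Readers take a shared lock so a half-written record is never observed.
sub read_records {
    my ($path) = @_;
    open my $fh, '<', $path or die "Cannot open $path for reading: $!";
    flock $fh, LOCK_SH       or die "Cannot lock $path: $!";
    my @lines = <$fh>;
    close $fh or die "Close of $path failed: $!";
    chomp @lines;
    return @lines;
}

my $name = untaint_name( scalar $q->param('name') );
my $type = parse_type(   scalar $q->param('type') );

print $q->header('text/plain');
if ( !defined $name || !defined $type ) {
    print "Rejected: bad name or type parameter\n";
    exit 0;
}

# $name passed the whitelist, so the path built from it is untainted too.
my $path = "$DATA_DIR/$name.txt";
append_record( $path, "$type\t" . scalar localtime );
print "Records for $name:\n", map { "$_\n" } read_records($path);
```

Taint mode is the check that makes point two enforceable rather than a matter of discipline: with `-T`, forgetting `untaint_name` turns the `open` on a user-derived path into a fatal "Insecure dependency" error instead of a silently exploitable one.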