Adam Jimerson wrote:
Gunnar Hjalmarsson wrote:
Adam Jimerson wrote:
Do I need to specify anything for the $ENV{PATH} or do I just leave it blank?

It depends. You have to take into consideration whether your program relies on any of the paths. If not, it's fine to leave it blank.

The only time I call something that is not a Perl function in my program, which if I understand this correctly is why I have to set $ENV{PATH}, is when I call /usr/bin/mail. But when I set $ENV{PATH} to blank or to /usr/bin I get this error: "Insecure dependency in piped open while running with -T switch at /srv/www/cgi-bin/contact line 87." That line is where I open the mail command for writing, which I have done like this:

open(MAIL, "|/usr/bin/mail -s \"User, $name, has left a message\" vendion") || die "Can't send mail: $!";

Now without the -T switch this sends the message to my local mbox on my system; it's just something about it that the switch just does not like.

There is only one suspected variable to consider, i.e. $name, which is probably tainted. Untaint it, and you are done. ( You remember where to find out how, right? ;-) )

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

--
To unsubscribe, e-mail: beginners-cgi-unsubscr...@perl.org
For additional commands, e-mail: beginners-cgi-h...@perl.org
http://learn.perl.org/
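
The untainting step the reply points to, as an added example that is not code from the thread: under -T only text captured by a regex match counts as clean, so $name is validated against an allow-list and the capture is what reaches the piped open. The helper names untaint_name and send_mail, the allowed character set and the list-form open (which bypasses the shell, something the thread does not discuss) are assumptions of this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode will not run external commands with an inherited environment.
$ENV{PATH} = '/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted copy of the name, or undef if it does not match.
# Assumed policy: letters, digits, space, dot, apostrophe, hyphen; 1-64 chars.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string, so a trailing newline is rejected too.
    return $raw =~ /\A([A-Za-z0-9 .'-]{1,64})\z/ ? $1 : undef;
}

# Send the message. $name must already be untainted or -T aborts here.
sub send_mail {
    my ($name, $body) = @_;
    # List-form piped open: no shell runs, so the subject reaches mail as
    # one argument and the \" quoting from the original line is not needed.
    open(my $mail, '|-', '/usr/bin/mail', '-s',
         "User, $name, has left a message", 'vendion')
        or die "Can't send mail: $!";
    print {$mail} $body;
    close($mail) or die "mail exited with status $?";
}

# Constructed sample values. Literals in the source are not tainted; in the
# CGI script the value comes from the submitted form and is.
for my $sample ('Adam Jimerson', 'Bad"; name', "Trailing newline\n") {
    my $clean = untaint_name($sample);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-20s => %s\n", $shown, defined $clean ? 'accepted' : 'rejected';
}

# With a name on the command line (tainted input), actually send a message.
if (@ARGV) {
    my $name = untaint_name($ARGV[0]);
    die "Name contains characters that are not allowed\n" unless defined $name;
    send_mail($name, "Test message body\n");
}
```

Run it with taint mode on, either as an executable script or with perl -T; without an argument it only prints which sample names pass the check.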

