Gunnar Hjalmarsson wrote:
> Adam Jimerson wrote:
>>
>> According to perlsec I need to use it as a key in a hash or reference a
>> substring. The example given is
>>
>> ,----[ ]
>> if ($data =~ /^([...@\w.]+)$/) {
>> $data = $1; # $data now untainted
>> } else {
>> die "Bad data in '$data'"; # log this somewhere
>> }
>> `----
>>
>> When I tried it, using the same search string,
>
> What happened then? Show us the code and possible error messages, please.
>
>> all I need is to check for
>> alphanumeric characters to cover the name, email address and a message.
>
> Are there tainted email address and message variables also?
>
>> Is there something wrong with the above search string?
>
> Only you can tell, I suppose...
> I attached my code for my program, the error doesn't happen until the form is filled out. The error that I get is "Insecure dependency in piped open while running with -T switch at /srv/www/cgi-bin/contact line 96." All the variables that have user submitted content go through the above search string as soon as the program retrieves it.
contact
Description: Perl program
-- To unsubscribe, e-mail: beginners-cgi-unsubscr...@perl.org For additional commands, e-mail: beginners-cgi-h...@perl.org http://learn.perl.org/
