On Tue, Aug 05, 2003 at 04:59:56PM +0100, Gary Stainburn wrote:
> Can anyone tell me how to fix this. I've tried untainting the
> $_[0] by storing it in a local variable and running a regex to
> remove dodgy characters and that doesn't seem to fix it.
>
> sub dump_invoice {
>   return unless (open FIN,">DATA/$_[0]");
>   print FIN "$_\t$fields{$_}\n" foreach (sort keys %fields);
>   print FIN "\n";
>   print FIN "$_\n" foreach @dlines;
>   close(FIN);
> }
You didn't show the untainting-via-regex, but it should look something like this:

sub dump_invoice {
  unless ($_[0] =~ /^(\w+\.\w+)$/) {
    die "Invalid path: $_[0]";
  }
  my $path = $1;
  ...
}

-- 
Steve

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
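A complete version of the pattern Steve describes, written as an added example for this thread rather than code from either poster: the filename is untainted by capturing it with a whitelist regex, and only the capture ($1) is used in open(). It assumes %fields and @dlines are package globals as in Gary's code, that DATA/ is relative to the script, and that the tainted input arrives in the (assumed) environment variable INVOICE; the character class is an explicit ASCII form of Steve's \w, since \w can also match non-ASCII word characters.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread): untainting a filename
# under taint mode before it is used in open().
use strict;
use warnings;

our %fields = (number => 'INV-0001', customer => 'ACME');   # constructed sample data
our @dlines = ('widget 2 @ 4.00', 'gadget 1 @ 9.50');        # constructed sample data

# Returns the untainted basename, or undef when the argument does not
# match the whitelist.  Only the captured text is untainted, so the
# pattern must be strict: word characters, one dot, word characters.
# No '/', no '..', no spaces can get through.
sub untaint_invoice_name {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /^([A-Za-z0-9_]+\.[A-Za-z0-9_]+)$/;
    return $1;
}

# Same shape as Gary's dump_invoice, but the path comes from the capture,
# never from $_[0] directly, so taint mode accepts the open().
sub dump_invoice {
    my $name = untaint_invoice_name($_[0]);
    die "Invalid invoice name\n" unless defined $name;
    open my $fh, '>', "DATA/$name" or die "Cannot open DATA/$name: $!\n";
    print {$fh} "$_\t$fields{$_}\n" for sort keys %fields;
    print {$fh} "\n";
    print {$fh} "$_\n" for @dlines;
    close $fh or die "Cannot close DATA/$name: $!\n";
    return "DATA/$name";
}

# Demonstration: $ENV{INVOICE} is tainted under -T (the same situation
# as a CGI parameter).  Used directly in open() it would die with
# "Insecure dependency in open"; after the capture it is accepted,
# while the traversal attempt and the name with a space are rejected.
if (!caller) {
    mkdir 'DATA' unless -d 'DATA';
    for my $candidate ($ENV{INVOICE} // 'inv0001.txt', '../etc/passwd', 'a b.txt') {
        my $written = eval { dump_invoice($candidate) };
        print defined $written ? "wrote $written\n" : "rejected '$candidate': $@";
    }
}
```

Run it as `INVOICE=inv0001.txt perl -T dump_invoice.pl`; removing the capture and passing $_[0] straight to open() reproduces the taint error Gary saw.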