Hi Stas,
On Wed, 8 Oct 2003, Stas Bekman wrote:
> Ged Haywood wrote:
> > On Wed, 8 Oct 2003, James Tolley wrote:
> >
> >>How can I untaint $ENV{PATH}??
> >
> > You have to do it in those (appropriate) places where the data appear,
> > in every request. Use a substitution command to convert characters
> > from user input which might become dangerous if your scripts can use
> > them as input to things like system calls.
>
> Ged, sorry, but this is totally wrong.
Ouch. :(
You're quite right Stas, I realized as soon as I'd hit CTRL-X what I'd done.
Ignore me. It's late. Sorry all.
73,
Ged.
