[NTLUG:Discuss] ...perl cgi question...

Victor Brilon victor at vail.net
Mon Jul 30 11:07:01 CDT 2001


The -T flag means run in "taint" mode. This is a paranoid mode that
considers any user-provided input to be evil until cleansed. This input
includes any shell environment. The easiest way to solve your problem is to
set the PATH environment manually like so:

    $ENV{PATH}="/usr/bin:/usr/local/bin";

Obviously, adjust the path to make sense for your system.

Good luck,

Victor

-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Fred James
Sent: Monday, July 30, 2001 10:38 AM
To: discuss at ntlug.org
Subject: [NTLUG:Discuss] ...perl cgi question...


Actually 2 questions:
(1) I haven't found an active discussion list that is specific to perl -
do you know of one, or is it OK to post Perl questions here?
(2) From the following code (snippet shown here):

#!/usr/bin/perl -wT
use strict;
use CGI;
use CGIaskit::Error; # local error handling routine
$CGI::HEADERS_ONCE = 1;
$CGI::DISABLE_UPLOADS = 1;
$CGI::POST_MAX = 102_400;
my $q = new CGI;
(omitted code)
if ( $errorCount == 0 ) {
    my @Arguments = ( "$Pgm", "$email", "$Number", "$f_name", "$m_name",
"$l_name", "$Finp", "$Pprd", "$Find", "$Ppdv" );
    system( @Arguments );
(omitted code)
}

I am getting this error message:
"Insecure $ENV{PATH} while running -T switch at
full_path_name_of_this_script line 63."
where line 63 is the "system( @Arguments );" shown in the snippet.

Any insight would be appreciated.

--
...make every program a filter...
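
Setting PATH clears the first taint error, but under -T the arguments handed to system() must also be untainted when they come from form input. The script below is an added example, not code from this thread: /bin/echo stands in for $Pgm, and the untaint helper, the two patterns and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child program's output

# 1. Replace the inherited environment with known values before any
#    system/exec/backtick call, otherwise -T dies with "Insecure $ENV{PATH}".
$ENV{PATH} = "/usr/bin:/bin";    # assumption: adjust for your system
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 2. Untaint a value by matching it against a strict allow-list pattern.
#    Only the regex capture ($1) is clean; returns undef on mismatch.
sub untaint {
    my ($value, $pattern) = @_;
    return undef unless defined $value;
    return $value =~ /\A($pattern)\z/ ? $1 : undef;
}

my $EMAIL   = qr/[\w.+-]+\@[\w-]+(?:\.[\w-]+)+/;    # assumed allow-list
my $NUMBER  = qr/\d{1,6}/;                          # assumed allow-list
my $program = "/bin/echo";    # hypothetical stand-in for $Pgm

# Constructed sample input. Lines read from a filehandle are tainted,
# just as CGI parameters are.
while (my $line = <DATA>) {
    chomp $line;
    my ($email, $number) = split /\|/, $line, 2;
    printf "raw input tainted: %s\n", tainted($email) ? "yes" : "no";

    my $safe_email  = untaint($email,  $EMAIL);
    my $safe_number = untaint($number, $NUMBER);
    unless (defined $safe_email && defined $safe_number) {
        print "rejected: $line\n";
        next;
    }

    # 3. List-form system() bypasses the shell, so arguments reach the
    #    program unchanged and are never parsed as shell syntax.
    system($program, "accepted:", $safe_email, $safe_number) == 0
        or warn "$program failed: $?\n";
}

__DATA__
fred@example.org|1042
fred@example.org;id|7
```

Run it as `perl -T script.pl` (or execute it directly), because Perl refuses a -T that appears only on the #! line when the script is started through a plain `perl script.pl`.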