Taint mode blocks vulnerability · markstos/CGI.pm@d0497db

Commit

Taint mode blocks vulnerability

If filename is `ARG`, the while loop will call `open()` on every thing in `@ARG` creating a remote execution vulnerability. Enabling taint mode prevents this. See my [article](http://perltricks.com/article/netanel-rubins-perljam-circus/http://perltricks.com/article/netanel-rubins-perljam-circus/) for details.
Another way to fix would be to use the double diamond operator `<<$file>>` will not call `open()`. But it requires Perl 5.22.0 or higher, which most people won't have.

Loading branch information

David Farrell committed Mar 1, 2016

1 parent c227b04 commit d0497db

examples/file_upload.cgi

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    #!/usr/bin/env perl
+    #!/usr/bin/env perl -T
     use strict;
     use warnings;
@@ Expand Down @@

0 comments on commit `d0497db`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `d0497db`

Commit

There are no files selected for viewing

0 comments on commit d0497db

0 comments on commit `d0497db`