#!/usr/bin/perl -wT
use strict;
my $filename = shift @ARGV;
if (-f $filename){
    open OUT, "> $filename.new" or die "can't open $filename.new: $!";
    print OUT "are we safe?\n";
    close OUT;
}
This dies with "Insecure dependency in open while running with -T
switch" as expected. I'd like to know if having passed the -f test, is it
safe to do no other checking on the file name if all I'm going to use
it for is to append a new extension on the file name (in addition to any
extension that may already be there)? Would that be safe on all (or
any) platforms? Are there any other checks I should be doing on the
file name before untainting it?
Thanks,
Tim Bowden
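
An added example, not part of the original post: one way to untaint the file name before building "$filename.new". File tests such as -f do not clear the taint flag; only a regex capture does. The allow-list policy (a bare name in the current directory, 1-64 characters) and the helper names untaint_filename and write_new are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical helper: return an untainted copy of $name if it matches the
# allow-list, else undef. Assumed policy: bare file name, no path separators,
# no leading dot or dash, 1-64 characters.
sub untaint_filename {
    my ($name) = @_;
    return undef unless defined $name;
    # Only a regex capture clears the taint flag; -f does not.
    # \z (not $) so a trailing newline cannot slip through.
    return $1 if $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return undef;
}

# Hypothetical helper: create "$name.new" without clobbering an existing
# entry or following a symlink planted at that path.
sub write_new {
    my ($name) = @_;
    my $clean = untaint_filename($name);
    defined $clean or die "rejected file name\n";
    -f $clean or die "$clean is not a regular file\n";
    my $target = "$clean.new";
    # O_EXCL makes creation fail if $target already exists (including as a
    # symlink), so the result does not depend on the earlier -f test.
    # sysopen also keeps the open mode separate from the file name.
    sysopen(my $out, $target, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "can't create $target: $!\n";
    print {$out} "are we safe?\n";
    close $out or die "close $target: $!\n";
    return $target;
}

# With no arguments, run the allow-list over constructed sample names.
unless (@ARGV) {
    for my $candidate ('report.txt', '../etc/passwd', '-rf', "a\nb", 'x|y') {
        my $ok = untaint_filename($candidate);
        (my $shown = $candidate) =~ s/\n/\\n/g;
        printf "%-16s %s\n", $shown, defined $ok ? 'accepted' : 'rejected';
    }
    exit 0;
}
print "wrote ", write_new($ARGV[0]), "\n";
```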