On Fri, 11 Nov 2011 19:08:18 -0300, Tessio Fechine wrote:
> #!/usr/bin/perl -T -w
> 
> use strict;
> use CGI;
> 
> $ENV{PATH} = '/var/www/cgi-bin/';
> my $exec = 'search.pl';
> 
> 
> my $c = CGI->new();
> print $c->header(), $c->start_html(-title => "It's alive!\n"), "\n";
> 
> my $search = $c->param('search') || 'nobody';
> !system $exec, "(cn=". $search ." *)" or die "$exec: $!\n";
> 
> print $c->end_html(), "\n";
> ---//---
> 
> When I run it from command line (./crap.pl), it works just fine. But
> when I try to run it from apache, as a CGI script, I get this error in
> error_log:
> 
> "Insecure dependency in system while running with -T switch at
> /var/www/cgi-bin/crap.pl line 14., referer: http://frodo/crap.html";

perldoc perlsec.  You haven't untainted $search.

Consider embedding the LDAP search functionality in your CGI, or better 
yet, abstracting it to a common module used by both search.pl and your, 
er, crap.pl.  Code duplication is so enervating.

-- 
Peter Scott
http://www.perlmedic.com/     http://www.perldebugged.com/
http://www.informit.com/store/product.aspx?isbn=0137001274
http://www.oreillyschool.com/certificates/perl-programming.php
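
What untainting $search could look like, as an added example that is not part of the original thread or either poster's code. The helper name untaint_cn, the allowlist pattern and the sample inputs are assumptions made for illustration; the helper path is taken from the quoted script.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Same helper location as the quoted script; drop the other variables
# perlsec says taint mode checks before running a child process.
$ENV{PATH} = '/var/www/cgi-bin/';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my $exec = '/var/www/cgi-bin/search.pl';

# Allowlist for a cn search term (an assumption, adjust to your directory).
# It leaves out shell metacharacters and the LDAP filter specials
# * ( ) \ and NUL, so the result is safe inside "(cn=... *)".
sub untaint_cn {
    my ($value) = @_;
    return undef unless defined $value;
    # Only a regex capture clears the taint flag. \A and \z anchor the
    # whole string, so a trailing newline does not pass.
    return $value =~ /\A([A-Za-z0-9][A-Za-z0-9 ._-]{0,63})\z/ ? $1 : undef;
}

# Constructed sample inputs standing in for $c->param('search').
# substr($^X, 0, 0) is an empty string that is still tainted under -T.
my $taint = substr($^X, 0, 0);
for my $raw ('nobody', 'John Smith', 'smith*', 'a)(b', "alice\n") {
    my $input = $raw . $taint;
    my $clean = untaint_cn($input);
    (my $shown = $raw) =~ s/\n/\\n/g;
    if (!defined $clean) {
        printf "%-12s tainted=%d -> rejected\n",
            "'$shown'", tainted($input) ? 1 : 0;
        next;
    }
    printf "%-12s tainted=%d -> accepted, tainted=%d\n",
        "'$shown'", tainted($input) ? 1 : 0, tainted($clean) ? 1 : 0;
    # List-form system: no shell is involved, and taint mode now allows
    # the call because every argument is untainted.
    if (-x $exec) {
        system($exec, "(cn=$clean *)") == 0 or warn "$exec failed: $?\n";
    }
}
```

Run it with perl -T so the taint flag on the #! line matches the command line. The search helper is only invoked if it exists at that path.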
