But why does the same code work fine at the command line? That's what bothers me most. And... there is no code duplication. search.pl is a normal script that I use at the command line. I just want to output the result in a web page.
Thanks!

2011/11/12 Peter Scott <[email protected]>

> On Fri, 11 Nov 2011 19:08:18 -0300, Tessio Fechine wrote:
> > #!/usr/bin/perl -T -w
> >
> > use strict;
> > use CGI;
> >
> > $ENV{PATH} = '/var/www/cgi-bin/';
> > my $exec = 'search.pl';
> >
> >
> > my $c = CGI->new();
> > print $c->header(), $c->start_html(-title => "It's alive!\n"), "\n";
> >
> > my $search = $c->param('search') || 'nobody';
> > !system $exec, "(cn=". $search ." *)" or die "$exec: $!\n";
> >
> > print $c->end_html(), "\n";
> > ---//---
> >
> > When I run it from command line (./crap.pl), it works just fine. But
> > when I try to run it from apache, as a CGI script, I get this error in
> > error_log:
> >
> > "Insecure dependency in system while running with -T switch at
> > /var/www/cgi-bin/crap.pl line 14., referer: http://frodo/crap.html"
>
> perldoc perlsec. You haven't untainted $search.
>
> Consider embedding the LDAP search functionality in your CGI, or better
> yet, abstracting it to a common module used by both search.pl and your,
> er, crap.pl. Code duplication is so enervating.
>
> --
> Peter Scott
> http://www.perlmedic.com/ http://www.perldebugged.com/
> http://www.informit.com/store/product.aspx?isbn=0137001274
> http://www.oreillyschool.com/certificates/perl-programming.php
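An added example, not part of the original thread or either poster's code: the quoted script with `$search` untainted through an allow-list capture, as perlsec describes. Run as `./crap.pl` with no arguments, `param('search')` is undefined and `$search` becomes the literal `'nobody'`, which is not tainted; under Apache the value comes from the request, so it is. The `untaint_name` helper, the permitted character set, the 64-character limit and the absolute path to search.pl are assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;

# Taint mode also checks the environment before running a child process.
$ENV{PATH} = '/var/www/cgi-bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumption: search.pl lives beside this script; an absolute path avoids a PATH lookup.
my $exec = '/var/www/cgi-bin/search.pl';

# Hypothetical helper: return an untainted copy of the name, or undef if it
# contains anything outside the allow-list. Only a regex capture ($1) clears
# the taint flag. The set excludes the LDAP filter metacharacters ( ) * \ and
# NUL, so the value cannot change the structure of the filter built below.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9 .-]{0,63})\z/ ? $1 : undef;
}

$| = 1;    # flush our header before the child writes to the same STDOUT

my $c = CGI->new;
print $c->header, $c->start_html(-title => "It's alive!"), "\n";

my $raw    = $c->param('search');
my $search = (defined $raw && length $raw) ? untaint_name($raw) : 'nobody';

if (defined $search) {
    # List form of system: no shell is involved, the filter is one argument.
    system($exec, "(cn=$search *)") == 0
        or die "$exec failed: exit status $?\n";
}
else {
    print $c->p('Invalid search term.'), "\n";
}

print $c->end_html, "\n";
```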
