Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Davorg knocked up a script that contained:

        my $file = DUMP . $mime->filename(1);
        open FILE, '>', $file or die $!;

    What happens when I send you an attachment with a filename of ../../../../../home/davorg/.ssh/authorized_keys, or perhaps more innocently .htaccess?

    This is an excellent use for File::Basename, and Aristotle's previous sysopen() involving O_EXCL|O_CREAT.

    No prizes for guessing which course [perltraining.com.au] I've been recently reviewing.

    • I don't suppose you'd believe that this was a simplified copy of the program would you :)

      It's also been pointed out that an attachment called .htaccess would have interesting results.