CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate:
Insecure dependency

 



pauls
Novice

Jan 24, 2001, 6:11 PM

Post #1 of 5 (208 views)
Insecure dependency Can't Post

I read the thread from 03-00 about this. but it talked about doing the same thing i've tried.

Status: 302 Found Location: http://cgi.tripod.com/bin/error?error=Your script produced this error A Insecure dependency in glob while running with -T switch at pass.cgi line 11. A URI: http://cgi.tripod.com/bin/error?error=Your script produced this error A Insecure dependency in glob while running with -T switch at pass.cgi line 11. A Content-type: text/html

Line 11 is this:
<meta HTTP-EQUIV="REFRESH" CONTENT="0 url=http://[path]/info.html">;

I’ve had this error on other scripts and solved it with this:
if ($word=~/^(\w+)$/) {
$word=$1;
}else{
die "bad data $word: $!";
}
It wont work here though I’ve tried it with the only variable.
Here is the script:
require TripodCGI;
$CGI = new TripodCGI;
require TripodPage;
$PAGE = new TripodPage;

$password = $CGI->param('word');
chomp $password;
#---ADD THIS FOR EVERY PASSWORD------------------
if($password eq ""){
$PAGE->printHeader();
<meta HTTP-EQUIV="REFRESH" CONTENT="0 url=http://paul0725.tripod.com/info.html">;
exit;
}
elsif($password eq "tes") {
$PAGE->printHeader();
<meta HTTP-EQUIV="REFRESH" CONTENT="0 url=http://paul0725.tripod.com/clients/test500/index500.html">;
exit;
}else{
$PAGE->printHeader();
print "The Password **$password** you entered is not valid.
Please check your password or send an Email.";
exit;
}

any ideas would be great…….

Thanks Paul




pauls
Novice

Jan 24, 2001, 8:34 PM

Post #2 of 5 (206 views)
Re: Insecure dependency [In reply to] Can't Post

never mind.........
I was able to make
print "location:...."; work.
so now I dont need an answer but if you know I still have the desire to know......
paul




modified
Deleted

Jan 25, 2001, 1:25 PM

Post #3 of 5 (201 views)
Re: Insecure dependency [In reply to] Can't Post

So on line 11 there is the [path] that will be replaced with a url? That's the -T switch at work. Basically it will make an error if you attempt to open a file or whatever from a variable. Easy to fix. Just check the variable for insecure things, whatever.



pauls
Novice

Jan 25, 2001, 9:56 PM

Post #4 of 5 (195 views)
Re: Insecure dependency [In reply to] Can't Post

well actually the [path] is really paul0725.tripod.com/user/stuff
so line 11 look just like this:
<meta HTTP-EQUIV="REFRESH" CONTENT="0 url=http://paul0725.tripod.com/user/stuff/info.html">;
so as you can see there are no variables so what does the -T switch not like???????
paul






japhy
Enthusiast

Jan 26, 2001, 11:00 AM

Post #5 of 5 (190 views)
Re: Insecure dependency [In reply to] Can't Post

Because line 11 isn't a quoted string! You can't just place HTML in a Perl program and expect Perl to print it. You have to tell Perl to print it!

Change line to print that, instead of just having that sit there. Perl sees it as a file glob operator.

Jeff "japhy" Pinyan -- accomplished hacker, teacher, lecturer, and author

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives