Perl -T

Posted by Noah Petherbridge on Friday, September 30 2011 @ 04:51:15 PM
I've now enabled Taint Mode on my Siikir CMS, for Kirsle.net, Siikir.com and RiveScript.com (which now runs the Siikir code as well).

Fortunately it wasn't too difficult to get my code working under taint mode. I was already centralizing my various string-filtering functions into a small handful, which just needed to untaint the strings before returning them.

Then it was just a matter of making sure I ran these filters everywhere a user ID gets passed into a function. (I had been relying on the fact that my userExists() check would fail if you gave it a bad user ID number, but the variable was technically still tainted, so I had to fix that properly.)
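As an added illustration of the pattern described above (example code, not the Siikir CMS source): under `-T` the only way to untaint a value is a regex capture, so a centralized filter has to validate the exact shape it accepts rather than matching `/(.*)/`. The `filter_user_id` and `user_exists` functions and the `/var/lib/siikir/...` path are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example: a centralized untainting filter for numeric user IDs.
# Anything from @ARGV, %ENV, STDIN or CGI parameters is tainted under -T.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical filter: returns the untainted numeric ID, or undef on bad input.
sub filter_user_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor both ends, so "42\n" or "42; rm -rf /" are rejected.
    # Only the captured group is untainted, and only because the pattern
    # itself is strict; a catch-all capture would defeat taint mode entirely.
    if ($raw =~ /\A([0-9]{1,10})\z/) {
        return $1;
    }
    return undef;
}

# Hypothetical stand-in for userExists(): run the filter before the ID
# reaches anything that builds a path or a command, instead of relying on
# the lookup failing for garbage input (the value would still be tainted).
sub user_exists {
    my ($id) = @_;
    my $clean = filter_user_id($id);
    die "refusing to look up an unfiltered user ID\n" unless defined $clean;
    return -e "/var/lib/siikir/users/$clean.json" ? 1 : 0;   # hypothetical path
}

# Simulate a request parameter with a command-line argument (tainted under -T).
my $input = defined $ARGV[0] ? $ARGV[0] : '';
print "raw input tainted? ", (tainted($input) ? "yes" : "no"), "\n";

my $id = filter_user_id($input);
if (defined $id) {
    print "accepted id $id; tainted? ", (tainted($id) ? "yes" : "no"), "\n";
    print "exists? ", user_exists($id), "\n";
} else {
    print "rejected input\n";
}
```

Run it as `perl -T this.pl 42` and then with something like `42abc` to see the filter reject the value; passing the raw argument to `open` for writing or to `system` without the filter would die with "Insecure dependency".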

I've thoroughly tested all areas of my sites to make sure nothing broke. Hopefully I didn't miss any. :)
