Perl -T

September 30, 2011 by Noah
I've now enabled Taint Mode on my Siikir CMS, for, and (which now runs the Siikir code as well).

Fortunately it wasn't too difficult to fix my code for taint mode to work. I was already centralizing my various string filtering functions to a small handful, which just needed to untaint the strings before returning them.

Then it was just a matter of making sure I ran these filters everywhere a user ID gets passed into a function. I had been relying on my userExists() check failing when given a bad user ID number, but the variable was technically still tainted after that check, so I had to fix it properly.
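The following is an added example, not code from the post or from Siikir: a hypothetical stand-in for the centralized filter described above, showing that an existence check leaves the value tainted while a regex capture yields an untainted copy. The function names, the user table and the sample ID are all constructed for the demo.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl  (the -T must also be on the command
# line, otherwise Perl dies with "Too late for -T").
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for the post's userExists(): a lookup that says
# whether the ID is valid but does nothing to the taint flag on the value.
my %known_users = (42 => 'noah');
sub user_exists {
    my ($uid) = @_;
    return exists $known_users{$uid};
}

# Hypothetical centralized filter of the kind the post describes. Perl only
# untaints text captured by a regex, so the filter returns the capture and
# never the original scalar. Anything that is not a plain run of digits is
# rejected rather than "cleaned".
sub filter_user_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($digits) = $raw =~ /\A(\d{1,10})\z/;
    return $digits;    # undef when the match fails
}

# Constructed tainted input: %ENV is tainted under -T and taintedness
# survives concatenation, so '42' gets the same flag a CGI parameter or
# @ARGV entry would carry.
my $request_id = substr($ENV{PATH} // '', 0, 0) . '42';
printf "request id tainted: %s\n", tainted($request_id) ? 'yes' : 'no';

# The old approach: the existence check passes, but the variable is still
# tainted, so using it in a file-modifying operation dies under -T.
if (user_exists($request_id)) {
    printf "after user_exists(): still tainted: %s\n",
        tainted($request_id) ? 'yes' : 'no';
    eval { open my $fh, '>>', "/nonexistent-dir/user_$request_id.log" or die $! };
    print "open with tainted path: $@" if $@;   # "Insecure dependency in open ..."
}

# The fix: filter first, and pass only the filter's return value onward.
my $user_id = filter_user_id($request_id);
defined $user_id or die "rejected user id\n";
printf "filtered id tainted: %s\n", tainted($user_id) ? 'yes' : 'no';
```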

I've thoroughly tested all areas of my sites to make sure nothing broke. Hopefully I didn't miss any. :)


