web interface allows to run arbitrary commands on host #11
Comments
Would IPC::Open2 solve this too #12?
It can solve the problem. You will need to call it avoiding the shell (by passing a list of arguments instead of a command string) as you would when using
Are you still planning on fixing this?
Yes, but I'm pretty snowed under at the moment. Would be a week or two at the earliest.
That's OK, we are in no hurry. We can use it internally in the meantime.
ping
@carandraug I have set up a managed web service (with advanced monitoring and quarantine facilities) server here at the University of Cambridge to host particlestats. The new URL will be http://particlestats.trophoblast.cam.ac.uk but it will be a week or so before I can set up ParticleStats to run there.
`system()` with a list of arguments in order to collect output

The above means that a file named `foo $(do something bad).xls` will do something bad. Limited to what the user that runs the cgi script can do.
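The difference the issue and the IPC::Open2 reply describe, as an added example (not ParticleStats code): the same file name passed through a shell command string and through an argument list while still collecting output. The file name, the `@tool` stand-in program and both function names are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open2;

# Constructed sample: a file name carrying shell syntax, with a harmless
# echo standing in for the issue's "do something bad".
my $upload = 'foo $(echo INJECTED).xls';

# Hypothetical stand-in for the program the CGI script runs: a Perl
# one-liner that reports the arguments it actually received.
my @tool = ($^X, '-e', 'print "args=[@ARGV]\n"', '--');

# Shell form: backticks hand one string to /bin/sh, which expands $(...)
# in the file name even though the name is wrapped in double quotes.
sub run_via_shell {
    my ($file) = @_;
    my $cmd = join ' ', map { "'$_'" } @tool;   # quote the fixed words only
    my $output = `$cmd "$file"`;
    return $output;
}

# List form: open2 with more than one argument execs the program directly,
# so the file name reaches it as a single literal argument and the output
# is still captured.
sub run_via_list {
    my ($file) = @_;
    my $pid = open2(my $out, my $in, @tool, $file);
    close $in;                                   # the tool reads no input
    my $output = do { local $/; <$out> };        # slurp everything it prints
    close $out;
    waitpid $pid, 0;                             # reap the child
    return $output;
}

print "shell string:  ", run_via_shell($upload);
print "argument list: ", run_via_list($upload);
```

The shell-string call reports a file name in which the `$(...)` part has been replaced by the command's output, while the argument-list call reports the name exactly as it was supplied.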