On 2001-10-14 13:11:54Z, Stefan Scholl <stesch / no-spoon.de> wrote:
> But when I check the parameters with the method "tainted?" they
> are all untainted.
> I don't know how this could happen. ENV['QUERY_STRING'] is
> tainted.


OK, to have a secure script I have to say

        Param = CGI.parse(ENV['QUERY_STRING'])

instead of

        Param = Cgi.params


But it's no real solution.