On 2001-10-14 13:11:54Z, Stefan Scholl <stesch / no-spoon.de> wrote:
> But when I check the parameters with the method "tainted?" they
> are all untainted.
> I don't know how this could happen. ENV['QUERY_STRING'] is
> tainted.


OK, to have a secure script I have to say

        require 'cgi'

        # Parse the raw query string directly instead of using Cgi.params
        if ENV.has_key?('QUERY_STRING')
          Param = CGI.parse(ENV['QUERY_STRING'])
        else
          Param = nil
        end

instead of

        Param = Cgi.params


But it's no real solution.