
This queue is for tickets about the Apache-Session CPAN distribution.

Report information
The Basics
Id: 8482
Status: stalled
Priority: 0/
Queue: Apache-Session

People
Owner: Nobody in particular
Requestors: andy [...] hybridized.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.6
Fixed in: (no value)

Subject: MySQL Session doesn't get removed when running in taint mode

I was running a mod_perl app with PerlTaint On and got this error message when I tried to untie a MySQL session. The session wasn't removed from the database. When I disabled PerlTaint, the error went away and the session was removed properly.

[error] Insecure dependency in parameter 2 of DBIx::ContextualFetch::st=HASH(0xb55828c)->bind_param method call while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.4/Apache/Session/Store/DBI.pm line 113.

The line in question is:

$self->{remove_sth}->bind_param(1, $session->{data}->{_session_id});

Thanks,
-Andy

On Nov. 16 16:41:18 2004, AGRUNDMA wrote:
> I was running a mod_perl app with PerlTaint On and got this error
> message when I tried to untie a MySQL session. The session wasn't
> removed from the database.

Is the session id that you transfer to tie tainted? It should be untainted to use. Apache::Session verifies the session id in the tie call.

--
Alexandr Ciornii, http://chorny.net
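
The untainting step suggested in the reply above, as an added example that is not part of the ticket and not code from Apache::Session. The helper name `untaint_session_id` is hypothetical, and the 32-hex-character id format is an assumption; adjust the pattern to whatever your id generator produces.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return an untainted copy of a session id, or
# nothing if the input does not look like one.
# Assumption: ids are exactly 32 hex characters.
sub untaint_session_id {
    my ($raw) = @_;
    # Under -T only a regex capture clears the taint flag, so the pattern
    # is the security check. Anchor with \A and \z: a bare $ would also
    # accept a trailing newline.
    return unless defined $raw && $raw =~ /\A([0-9a-fA-F]{32})\z/;
    return $1;
}

# Constructed sample input. Appending a zero-length slice of $^X (which
# is tainted under -T) taints each string, as a cookie value would be.
my $taint   = substr($^X, 0, 0);
my @samples = (
    'a3f1c2d4e5b60718293a4b5c6d7e8f90' . $taint,      # well-formed id
    "a3f1c2d4e5b60718293a4b5c6d7e8f90\n" . $taint,    # trailing newline
    'not a session id' . $taint,                      # wrong format
);

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;                 # printable copy
    my $id = untaint_session_id($raw);
    if (defined $id) {
        # $id can now be handed to tie() in place of the raw value, e.g.
        #   tie my %session, 'Apache::Session::MySQL', $id, \%options;
        printf "accepted '%s' (input tainted: %s, result tainted: %s)\n",
            $shown,
            tainted($raw) ? 'yes' : 'no',
            tainted($id)  ? 'yes' : 'no';
    }
    else {
        # Treat a malformed id as "no session" rather than passing it on.
        printf "rejected '%s' (input tainted: %s)\n",
            $shown, tainted($raw) ? 'yes' : 'no';
    }
}
```

Run it as `perl -T script.pl`; Perl refuses to start if `-T` appears only on the `#!` line.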