
This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 18873
Status: resolved
Priority: 0/
Queue: CGI-Session

People
Owner: Nobody in particular
Requestors: robert [...] interactive.co.uk
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in:
  • 4.09
  • 4.13
Fixed in: (no value)



Subject: Doesn't work in taint mode
Just installed TWiki, and hit taint mode errors from the
eval "require $_" at line 650 in sub load in Session.pm

First access, taking the defaults for serializer, driver and ID.

Perl is 5.6.0 (yeah, it's old:-) on linux (redhat 7.2)

Replacing...

    for ( @pms ) {
        eval "require $_";

With

    my ($pm);
    for $pm ( @pms ) {
        $pm =~ /(.*)/;
        $pm = $1;
        eval "require $pm";

fixes the problem (albeit rather sluttishly!).

From: mleblanc [...] cpan.org
On Sat Apr 22 09:17:12 2006, guest wrote:
> Just installed TWiki, and hit taint mode errors from the
> eval "require $_" at line 650 in sub load in Session.pm
>
> First access, taking the defaults for serializer, driver and ID.
>
> Perl is 5.6.0 (yeah, it's old:-) on linux (redhat 7.2)
>
> Replacing...
>
>     for ( @pms ) {
>         eval "require $_";
>
> With
>
>     my ($pm);
>     for $pm ( @pms ) {
>         $pm =~ /(.*)/;
>         $pm = $1;
>         eval "require $pm";
>
> fixes the problem (albeit rather sluttishly!).

Untainting driver, serializer, and id generator names before attempting to load them is currently in SVN and should be available for next release (4.14).
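
A stricter alternative to the /(.*)/ untaint discussed in this ticket, as an added example (not code from the ticket or from CGI::Session): it untaints a module name only after matching it against a package-name pattern, and loads it by file path with block eval instead of string eval. The helper names untaint_module_name and load_module and the sample module names are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of $name only if it is a well-formed package
# name (identifiers joined by "::"); otherwise return nothing.
# Unlike /(.*)/, the capture succeeds only for input that passed validation.
sub untaint_module_name {
    my ($name) = @_;
    return unless defined $name;
    return $1
        if $name =~ /\A([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*)\z/;
    return;
}

# Load a module by name without string eval: Foo::Bar becomes Foo/Bar.pm
# and is passed to require as a file name, so the name is never compiled
# as Perl source.
sub load_module {
    my ($name) = @_;
    my $clean = untaint_module_name($name)
        or die "refusing to load module with invalid name\n";
    (my $file = "$clean.pm") =~ s{::}{/}g;
    eval { require $file; 1 } or die "cannot load $clean: $@";
    return $clean;
}

# Constructed demo input. Appending a zero-length tainted string marks each
# literal as tainted, standing in for a name taken from a request or config.
my $TAINT = substr($^X, 0, 0);
for my $raw ('Data::Dumper', 'File::Spec', 'Data::Dumper; 1', '../lib/x') {
    my $name   = $raw . $TAINT;
    my $loaded = eval { load_module($name) };
    printf "%-18s tainted=%d  %s\n", "'$raw'", tainted($name) ? 1 : 0,
        defined $loaded ? "loaded $loaded" : "rejected";
}
```

Run it with perl -T so the sample names are actually tainted; without -T every name reports tainted=0 but the validation behaves the same.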

