This queue is for tickets about the CGI-Session CPAN distribution.

Report information

The Basics
Id: 18873
Status: resolved
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Requestors: robert [...] interactive.co.uk
Cc:
AdminCc:

BugTracker
Severity: Critical
Broken in: 4.09, 4.13
Fixed in: (no value)

Subject: Doesn't work in taint mode
Just installed TWiki, and hit taint mode errors from the eval "require $_" at line 650 in sub load in Session.pm

First access, taking the defaults for serializer, driver and ID.

Perl is 5.6.0 (yeah, it's old:-) on linux (redhat 7.2)

Replacing...

    for ( @pms ) {
        eval "require $_";

With

    my ($pm);
    for $pm ( @pms ) {
        $pm =~ /(.*)/;
        $pm = $1;
        eval "require $pm";

fixes the problem (albeit rather sluttishly!).

From: mleblanc@cpan.org
On Sat Apr 22 09:17:12 2006, guest wrote:
> Just installed TWiki, and hit taint mode errors from the
> eval "require $_" at line 650 in sub load in Session.pm
>
> First access, taking the defaults for serializer, driver and ID.
>
> Perl is 5.6.0 (yeah, it's old:-) on linux (redhat 7.2)
>
> Replacing...
>
> for ( @pms ) {
>     eval "require $_";
>
> With
>
> my ($pm);
> for $pm ( @pms ) {
>     $pm =~ /(.*)/;
>     $pm = $1;
>     eval "require $pm";
>
> fixes the problem (albeit rather sluttishly!).

Untainting driver, serializer, and id generator names before attempting to load them is currently in SVN and should be available for next release (4.14).
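
A capture from /(.*)/ clears the taint flag without checking the value. As an added example (not part of this ticket and not CGI::Session's own code), the sketch below untaints a module name only when it matches a package-name pattern before the string eval; untaint_module_name, load_module, the optional namespace check and the sample names are assumptions, with the core module File::Spec standing in for a session driver.

```perl
# Added example; run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of $name if it is a syntactically valid package
# name (and, optionally, lives under $namespace); otherwise return nothing.
sub untaint_module_name {
    my ($name, $namespace) = @_;
    return unless defined $name;
    # A capture from a successful match is untainted, so the pattern is the
    # whole check: explicit ASCII classes, anchored with \A and \z.
    my ($clean) = $name =~ /\A([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*)\z/
        or return;
    return if defined $namespace && index($clean, "${namespace}::") != 0;
    return $clean;
}

# Validate first, then require. Dies on a rejected name or a failed load.
sub load_module {
    my ($name, $namespace) = @_;
    my $clean = untaint_module_name($name, $namespace)
        or die "refusing to load module: invalid or unexpected name\n";
    eval "require $clean; 1" or die "cannot load $clean: $@";
    return $clean;
}

warn "not running under -T; nothing below is tainted\n" unless ${^TAINT};

# Constructed sample input. Appending a zero-length tainted string taints
# each name, standing in for a value that arrived from outside the program.
my $TAINT = substr($^X, 0, 0);
for my $raw ('File::Spec', 'File::Spec; 1', '../File/Spec', 'Data::Dumper') {
    my $name   = $raw . $TAINT;
    my $loaded = eval { load_module($name, 'File') };
    printf "%-16s tainted=%d -> %s\n", $raw, (tainted($name) ? 1 : 0),
        defined $loaded ? "loaded $loaded" : "rejected";
}
```

Only File::Spec is loaded; the other three names are rejected before any eval of the name runs, two by the pattern and Data::Dumper by the namespace check.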

