This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 35367
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: matthiasfrey1 [...] web.de
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: Parameters are not tainted with CGI::Fast
Hi

When executing the attached CGI with the GET Parameter 'param' using CGI::Fast and Taint Mode on the Parameter is not tainted.

Perl version: v5.8.8 built for i486-linux-gnu-thread-multi
Running on: Linux 2.6.22-14-generic
Lighttpd version: 1.4.18
Subject: test.fcgi

Message body not shown because it is not plain text.

On Thu Apr 24 04:31:29 2008, Darlin wrote:
> Hi
>
> When executing the attached CGI with the GET Parameter 'param' using
> CGI::Fast and Taint Mode on the Parameter is not tainted.
>
>
> Perl version: v5.8.8 built for i486-linux-gnu-thread-multi
> Running on: Linux 2.6.22-14-generic
> Lighttpd version: 1.4.18

When I run your test script on the command line with CGI.pm 3.43, I get back the result that "param is tainted", so the bug is not triggered there.

Is it still triggered for you? If so, have you tested plain Perl with FCGI and lighttpd to see if there untainting is working in this environment outside of CGI.pm?

I can't see what CGI::Fast would be doing that would accidentally untaint data.

Mark
Considering resolved, after receiving no confirmation since 2009.

