Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 44579
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: joenio [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: Tainted data from QUERY_PARAM
Here the apache warn about this: [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] Insecure dependency in require while running with -T switch at /usr/share/perl/5.10/CGI.pm line 514., referer: <--cut--> [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] BEGIN failed--compilation aborted., referer: <--cut--> [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] Premature end of script headers: save, referer: <--cut--> CGI.pm (3.29): 511: my $val = $QUERY_PARAM{$name}; # always an arrayref; 512: $self->param('-name'=>$name,'-value'=> $val); 513: if (defined $val and ref $val eq 'ARRAY') { 514: for my $fh (grep {defined(fileno($_))} @$val) { 515: seek($fh,0,0); # reset the filehandle. 516: } 517: 518: } # uname -a Linux 2.6.18-6-xen-amd64 #1 SMP Thu Dec 25 22:21:42 UTC 2008 x86_64 GNU/Linux # cat /etc/debian_version 5.0 # perl -MCGI -e 'print CGI->version' 3.29 # perl --version This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi # apache2 -v Server version: Apache/2.2.9 (Debian) Server built: Jan 21 2009 00:10:51
Download (untitled) / with headers
text/plain 1.2k
Could you submit a Test::More-style test case that triggers the issue? Also, what is your proposed fix? Mark On Wed Mar 25 16:10:16 2009, joenio wrote: Show quoted text
> Here the apache warn about this: > > [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] Insecure > dependency in require while running with -T switch at > /usr/share/perl/5.10/CGI.pm line 514., referer: <--cut--> > [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] BEGIN > failed--compilation aborted., referer: <--cut--> > [Wed Mar 25 08:20:23 2009] [error] [client 189.59.212.79] Premature end > of script headers: save, referer: <--cut--> > > CGI.pm (3.29): > > 511: my $val = $QUERY_PARAM{$name}; # always an arrayref; > 512: $self->param('-name'=>$name,'-value'=> $val); > 513: if (defined $val and ref $val eq 'ARRAY') { > 514: for my $fh (grep {defined(fileno($_))} @$val) { > 515: seek($fh,0,0); # reset the filehandle. > 516: } > 517: > 518: } > > # uname -a > Linux 2.6.18-6-xen-amd64 #1 SMP Thu Dec 25 22:21:42 UTC 2008 x86_64 > GNU/Linux > > # cat /etc/debian_version > 5.0 > > # perl -MCGI -e 'print CGI->version' > 3.29 > > # perl --version > This is perl, v5.10.0 built for x86_64-linux-gnu-thread-multi > > # apache2 -v > Server version: Apache/2.2.9 (Debian) > Server built: Jan 21 2009 00:10:51
Download (untitled) / with headers
text/plain 224b
With no test case, patch or "me too" follow-ups submitted in 3 years, I'm considering this "resolved" due to old age. If the issue is still present, please submit a formal Test::More-style failing test case and re-open.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.