
This queue is for tickets about the CHI CPAN distribution.

Report information
The Basics
Id: 84366
Status: rejected
Priority: 0/
Queue: CHI

People
Owner: Nobody in particular
Requestors: jatu [...] hqcodeshop.fi
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 0.56
Fixed in: (no value)



Subject: CHI::File taint-checks fail with mod_perl
When running CHI with File back-end on a web server with Apache / mod_perl there is a lot of grievance with taint checks failing. I was unable to replicate the issue from command-line. My suggested fix is to un-taint the directory and filename parameters.
Subject: taint.patch
--- CHI/Driver/File.pm.orig 2013-04-02 11:27:05.792619858 +0300 +++ CHI/Driver/File.pm 2013-04-02 11:29:05.834897810 +0300 @@ -63,7 +63,8 @@ { $new_key = $self->digest_key($new_key); } - return $new_key; + die "fail!" if ($new_key !~ /^(.+)$/); + return $1; } sub unescape_key { @@ -234,7 +235,8 @@ $filepath = fast_catfile( @paths, $filename ); } - return $filepath; + die "fail!" if ($filepath !~ /^(.+)$/); + return $1; } 1;
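Review bot: In the first hunk (@@ -63,7 +63,8 @@), the pattern in `die "fail!" if ($new_key !~ /^(.+)$/);` accepts every character except a newline, so it clears the taint flag on `$new_key` without validating anything about it. Because `$` also matches just before a trailing newline, a key ending in "\n" comes back from `$1` with that newline silently dropped, while an empty key or one with an embedded newline dies with the uninformative message "fail!". Suggest matching against the character set the escaped or digested key is expected to contain, anchored with `\A` and `\z`, and a die message that names the function and the rejected key.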
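Review bot: In the second hunk (@@ -234,7 +235,8 @@), `/^(.+)$/` is applied to the complete `$filepath` just before it is returned, which untaints whatever was joined from `@paths` and `$filename` without restricting it, so taint mode no longer guards the file operations that consume this value. Suggest untainting only after the path has been checked against an allow-list pattern for the characters and layout the driver itself generates, or untainting the individual components where they enter the module rather than the joined result. The die message is the same "fail!" as in the first hunk, so the two failure sites cannot be told apart in a log; give each a distinct message that includes the offending value.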

