This queue is for tickets about the CHI CPAN distribution.

Report information
The Basics
Id:
84366
Status:
rejected
Priority:
Low/Low
Queue:

People
Owner:
Nobody in particular
Requestors:
jatu [...] hqcodeshop.fi
Cc:
AdminCc:

BugTracker
Severity:
Important
Broken in:
0.56
Fixed in:
(no value)



Subject: CHI::File taint-checks fail with mod_perl
When running CHI with File back-end on a web server with Apache / mod_perl there is a lot of grievance with taint checks failing. I was unable to replicate the issue from command-line. My suggested fix is to un-taint the directory and filename parameters.
Subject: taint.patch
--- CHI/Driver/File.pm.orig 2013-04-02 11:27:05.792619858 +0300 +++ CHI/Driver/File.pm 2013-04-02 11:29:05.834897810 +0300 @@ -63,7 +63,8 @@ { $new_key = $self->digest_key($new_key); } - return $new_key; + die "fail!" if ($new_key !~ /^(.+)$/); + return $1; } sub unescape_key { @@ -234,7 +235,8 @@ $filepath = fast_catfile( @paths, $filename ); } - return $filepath; + die "fail!" if ($filepath !~ /^(.+)$/); + return $1; } 1;


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.