Re: Taint problem with DBIx::ContextualFetch
[prev]
[thread]
[next]
[Date index for 2004/09/09]
On Thu, Sep 09, 2004 at 05:06:22PM +0100, Tony Bowden wrote:
> On Thu, Sep 09, 2004 at 10:49:28AM -0400, Jesse Sheidlower wrote:
> > [Thu Sep 9 10:42:50 2004] [error] Insecure dependency in
> > parameter 2 of
> > DBIx::ContextualFetch::st=HASH(0xd0432c0)->bind_param method
> > call while running with -T switch at
> > /usr/local/lib/perl5/site_perl/5.8.5/Apache/Session/Store/DBI.pm
> > line 113.\n
>
> Can you replicate this? Can you reduce it to a script that exhibits this
> behaviour?
I can replicate it 100% of the time on this system (which has
"PerlTaintCheck on" in httpd.conf; this behaviour doesn't
occur on another system without this), but it would be
rather difficult to try to reduce it to a test case, as it's
part of a sprawling set of modules. Is there anything I can
try to do before this?
Jesse Sheidlower