On 7 Jan 00, at 9:58, Jeremy Wadsack wrote:
> The reason this come up with an error is that Perl is complaining that the
> variable sent to the shell command are insecure. That is, with taintedness
> on (-T), any variables that are generated outside the program (such as the
> environment) are considered insecure and are not allowed to be sent to an
> external command.
>
> Testing my copy of anlgform.pl from 4.0 I don't have any problems. But, you
> could add this lines to the top of the script to clear up the taintedness
> problem:
>
> delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
>
> If you then get a warning about $ENV{PATH} not being secure, add this line
> as well:
>
> $ENV{'PATH'} = '/bin:/usr/bin';
>
> (Assuming /bin and /usr/bin are non-writable by other than owners and group)
That solves the -T switch, but doesn't solve this larger problem (one last
time):
I've installed analog 4.01 on a system running Linux 2.0.36 / i586
the analog program runs from the command line and the settings are as
expected.
I'm attempting to use the form (anlgform.html) and anlgform.pl. When I
use the form, I get the following error:
Program Failure
Analog failed to run or returned an error code.
Maybe your server's error log will give a clue why.
There's no entry in the error log
I can run anlgform.pl from the command line. When I use:
anlgform.pl qv=1 LOGFILE=/***/***/riccardosmarket-access-log
REQINCLUDE=pages > output.htm
I get an expected output page.
I get the expected output when I submit:
http://riccardos.com/cgi-
riccardosmarket/anl/anlgform.pl?qv=1&LOGFILE=/***/***/riccardosmarket-
access-log&REQINCLUDE=pages
ie:
CGI ON
DNS NONE
WARNINGS FL
LOGFILE /***/l***/***-access-log
(this is correct, I've hidden the path/name for security reasons)
REQINCLUDE pages
OUTFILE stdout
But I get the above error message when I submit:
http://riccardos.com/cgi-
riccardosmarket/anl/anlgform.pl?LOGFILE=/***/***/riccardosmarket-
access-log&REQINCLUDE=pages
Any clues before I pack 4.01 version in and try 3.32?
"Trapped like Mars flies in a Klien Bottle."
[Mark Time]
Klein Bottle's available at http://kleinbottle.com/
dan enright
http://2thirdx-perts.com
------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/analog-help@lists.isite.net/
------------------------------------------------------------------------
