Hi, I have 2 questions about using the DBI Perl module.
I am trying to install Bugzilla under Windows; the software and versions are
below:
I use apache_2.0.44-win32-x86-no_ssl, ActivePerl-5.6.1.635-MSWin32-x86,
bugzilla-2_17_1-win32 (from sqatesting.net).zip,
mysql-3.23.55-win, and the DBI version is 1.34 (downloaded from
ActiveState.com)
1.
Bugzilla works; I can see my Bugzilla home page now, but I cannot
add a Product to it. It shows this error message:
-----
Adding new product
Content-type: text/html Software error:
Attempted to send tainted string 'INSERT INTO products ( name, description,
milestoneurl, disallownew, votesperuser, maxvotesperbug, votestoconfirm,
defaultmilestone ) VALUES ( 'PM','Patch','',0,0, 10000, 0, '---')' to the
database at globals.pl line 263.
-----
And I modified the initial "TestProduct" that comes with Bugzilla, including
the product name and description.
If I comment out the red line below in globals.pl, then the product is added OK:
sub SendSQL {
    my ($str, $dontshadow) = (@_);
    # Don't use DBI's taint stuff yet, because:
    # a) We don't want out vars to be tainted (yet)
    # b) We want to know who called SendSQL...
    # Is there a better way to do b?
    if (is_tainted($str)) {
        # die "Attempted to send tainted string '$str' to the database";
    }
I use DBI-1.34, and the open command associated with Perl files in Windows Explorer is
C:\Perl\bin\perl.exe "-wT" "%1"
Can you tell me the meaning of:
# Don't use DBI's taint stuff yet, because:
# a) We don't want out vars to be tainted (yet)
# b) We want to know who called SendSQL...
# Is there a better way to do b?
2.
When I enter a new bug and commit it, the browser shows this error message:
-----
Internal Error
Bugzilla has suffered an internal error. Please save this page and send it
to [EMAIL PROTECTED] with details of what you were doing at the time this
message appeared.
URL: http://localhost/bugzilla/post_bug.cgi
undef error - Insecure dependency in parameter 1 of
DBI::db=HASH(0x202215c)->prepare method call while running with -T switch at
globals.pl line 283.
-----
globals.pl line 283 is: $::currentquery = $::db->prepare($str);
I think the 2 questions have the same cause.
Can you help me find where the problem is?
Thanks.
TANG Ye
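
Added example, not part of the original post and not Bugzilla's code: a sketch of why interpolating form input taints the whole SQL string under -T, and how validating the value and passing it as a placeholder keeps a SendSQL-style check satisfied without commenting it out. The names send_sql_checked and validated, the patterns, and the sample values are assumptions; no database is contacted. Run it with perl -T.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T <script>\n" unless ${^TAINT};

# Constructed stand-in for CGI form values. Under -T, $^X is tainted, and
# appending a zero-length piece of it taints the whole string.
my $TAINT     = substr($^X, 0, 0);
my $form_name = 'PM' . $TAINT;
my $form_desc = 'Patch' . $TAINT;

# Hypothetical guard in the spirit of the SendSQL check: refuse a tainted
# statement or a tainted bind value before it reaches the database handle.
sub send_sql_checked {
    my ($sql, @binds) = @_;
    die "Attempted to send tainted string '$sql' to the database\n"
        if tainted($sql);
    die "Tainted bind value\n" if grep { tainted($_) } @binds;
    return 'accepted';    # real code: $dbh->prepare($sql)->execute(@binds)
}

# Allow-list validation; Perl treats a regex capture ($1) as untainted.
sub validated {
    my ($value, $pattern) = @_;
    $value =~ $pattern or die "Rejected input\n";
    return $1;
}

# 1) Interpolating raw input taints the whole statement, as in the report.
my $bad = "INSERT INTO products (name, description) "
        . "VALUES ('$form_name','$form_desc')";
my $r1 = eval { send_sql_checked($bad) } || "refused: $@";

# 2) Validate first, keep the SQL text constant, bind values as placeholders.
my $name = validated($form_name, qr/\A([A-Za-z0-9 _.-]{1,64})\z/);
my $desc = validated($form_desc, qr/\A([\x20-\x7e]{0,255})\z/);
my $r2 = eval {
    send_sql_checked(
        'INSERT INTO products (name, description) VALUES (?, ?)',
        $name, $desc);
} || "refused: $@";

print "interpolated: $r1";
print "validated:    $r2\n";
```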