On Tue, Nov 07, 2000 at 05:39:40AM +0100, Gerald Richter wrote:
> > if the browser has an invalid cookie (one that doesn't correspond to
> > an existing session), you get a taint error (at least in
> > Apache::Session::FileStore) from the {_session_id}, resulting in an
> > "internal server error".
>
> Could you give me the line number where the error occurs inside
> Apache::Session::FileStore and the version of Apache::Session do you use?
sorry:
[Mon Nov 6 12:25:52 2000] [error] [20422]ERR: 24: Line 46: Error in Perl code:
Insecure dependency in open while running with -T switch at
/usr/lib/perl5/Apache/Session/ FileStore.pm line 42.
[Mon Nov 6 12:25:52 2000] [error] Insecure dependency in open while running with -T
switch at /usr/lib/perl5/Apache/Session/FileStore.pm line 42.
(Apache::Session 1.03)
line 42:
open (ME, '>'.$directory.'/'.$session->{data}->{_session_id}) ||
die "Could not open file for writing $!";
i did some nosying around, and the tainted data is {_session_id}
--
- Gus
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
