My apache2.conf contains:
PerlSwitches -T
That's the right way.
I'm not entirely sure, but IIRC, if you run a <Perl> section or PerlLoadModule before PerlSwitches its too late to specify taint mode. I might be wrong, but it's worth checking.
It goes like this. There are several directives that force an early perl startup. <Perl> sections and PerlLoadModule are amongst those. When Perl is started and PerlSwitches weren't set yet (.e.g if you do:
PerlLoadModule ... PerlSwitches -T
you will get an error that PerlSwitches are ignored:
Syntax error on line 104 of /home/stas/apache.org/mp2-cvs/t/conf/httpd.conf: mod_perl is already running, too late for PerlSwitches
so there can be no confusion about it.
warn tainted(param('foo')); # false for any given foo
Am I doing something wrong?
Where does tainted() come from? I'm not familiar with that function.
probably from Taint.pm (whose code is quite interesting if you take a look at it - a one liner with a paragraph of comments :)
And a whole Taint.xs http://search.cpan.org/src/DSUGAL/Taint-0.07/Taint.xs (For some reason search.cpan.org has the old version, as there is 0.09) And it fails a bunch of test with any 5.8.x perl
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
-- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
