use Scalar::Util qw(tainted); # included with perl 5.8.x
This works correctly:
warn "path".tainted($ENV{PATH});
In fact, everything in %ENV is tainted except for GATEWAY_INTERFACE
and MOD_PERL.
sounds right.
It looks like a bug in CGI::Simple in _parse_multipart or _add_param.
if those modules are regex escaping the query string or POST data that could be the problem.
For a quick work-around, does anyone know how to tell perl that data is tainted?
see taint() in the Taint.pm module I mentioned earlier.
--Geoff
-- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html