jalex <[EMAIL PROTECTED]> writes: > I'm running mod_perl 2.0.2 under apache 2.0.54. After adding "PerlSwitches > -wT" to my apache config, I wanted to test that I had taint mode was indeed > working, so I wrote a test script that purposely misused a CGI parameter, > expecting the taint exception to be thrown. I was surprised to find it was > not, so I wrote this small test case:
FYI, this test case works properly under my installation of Debian mod_perl 1.29.0.2 under apache 1.3.34. Jalex, you might want to print out the value of your test variable and make sure it is being received properly. I thought I saw the same problem, until I realized that I hadn't set the log parameter to anything, and undefined CGI parameters are not tainted. Is anybody else seeing this behavior under mod_perl 2? It would indeed be a very serious bug. ----Scott.
