Re: untainting PATH in mod_perl

2003-07-15 Thread Stas Bekman
Dominique Quatravaux wrote: Sorry, getting out of good ideas.. Surprise, surprise: I found out that my code does not work under mod_perl 1.23 either! And I found the real solution: one has to add PerlSetupEnv Off to the Apache configuration file. Now the untainting mumbo-jumbo in perl

Re: untainting PATH in mod_perl

2003-07-15 Thread Peter B. Ensch
On Tue, Jul 15, 2003 at 12:19:14PM +0300, Stas Bekman wrote: Dominique Quatravaux wrote: Sorry, getting out of good ideas.. Surprise, surprise: I found out that my code does not work under mod_perl 1.23 either! And I found the real solution: one has to add PerlSetupEnv Off to

Re: untainting PATH in mod_perl

2003-07-15 Thread Stas Bekman
Peter B. Ensch wrote: FWIW, I use the following code when I need to use ``|qx: local $ENV{PATH} = "/bin:/usr/bin"; local @ENV{ qw(IFS CDPATH ENV BASH_ENV) }; But this code must be used in each scope where you intend to use backticks, a system call, etc. Is there no way to untaint your PATH

Re: untainting PATH in mod_perl

2003-07-15 Thread Peter Ensch
On Tue, Jul 15, 2003 at 04:30:35PM +0300, Stas Bekman wrote: Peter B. Ensch wrote: FWIW, I use the following code when I need to use ``|qx: local $ENV{PATH} = "/bin:/usr/bin"; local @ENV{ qw(IFS CDPATH ENV BASH_ENV) }; But this code must be used in each scope where you intend to use

Re: untainting PATH in mod_perl

2003-07-11 Thread Dominique Quatravaux
Sorry, getting out of good ideas.. Surprise, surprise: I found out that my code does not work under mod_perl 1.23 either! And I found the real solution: one has to add PerlSetupEnv Off to the Apache configuration file. Now the untainting mumbo-jumbo in perl section works. Warning:

Re: untainting PATH in mod_perl

2003-07-10 Thread Dominique Quatravaux
I need some help with this. Can you share the code you use w/in your Perl section? Sure! Here is how I untaint a selected range of variables from the WWW server's %ENV, and discard all the others (good move to ease debugging anyway): # From httpd.conf PerlTaintCheck On perl

Re: untainting PATH in mod_perl

2003-07-10 Thread Peter Ensch
On Thu, Jul 10, 2003 at 10:25:59AM +0200, Dominique Quatravaux wrote: I need some help with this. Can you share the code you use w/in your Perl section? Sure! Here is how I untaint a selected range of variables from the WWW server's %ENV, and discard all the others (good move to ease

Re: untainting PATH in mod_perl

2003-07-10 Thread Dominique Quatravaux
Thanks for sharing your code; unfortunately, it's not working for me. I copied it into my httpd.conf file, stopped/started the server and I still get the same error: Sorry, getting out of good ideas.. I'm not using mod_perl 1.99, this probably explains why my code does not work, and also it

Re: untainting PATH in mod_perl

2003-07-09 Thread Dominique Quatravaux
In plain CGI, I normally do this inside a BEGIN block; in mod_perl however, this doesn't work. This would work if this was done in a Perl section of the httpd.conf file (this is what I do). I am not sure why the BEGIN block is not executed, but my guess is that the environment gets

Re: untainting PATH in mod_perl

2003-07-09 Thread Peter B. Ensch
On Wed, Jul 09, 2003 at 05:40:32PM +0200, Dominique Quatravaux wrote: In plain CGI, I normally do this inside a BEGIN block; in mod_perl however, this doesn't work. This would work if this was done in a Perl section of the httpd.conf file (this is what I do). I am not sure why the BEGIN