From: Jonas Liljegren <[EMAIL PROTECTED]>
> Some problems came up with taintcheck in TT 2.01 while using cached
> tempaltes .. and nonchaced tempalte handles in mod_perl...
I just upgraded to 2.02 and have similar problems under mod_perl
with PerlTaintCheck enabled.
> Template::Document row 246: untaint $file
Yup, same here:
| Insecure dependency in open while running with -T switch
| at /.../Template/Document.pm line 246.
which is the line
open(CFH, ">$file")
from the write_perl_file sub
> Template::Provider row 709: untaint $compfile (and maby $data->{'time'}?)
Line 717 in v2.02
> I think that was the only two I encounterd.
I had another one in Provider:
| failed to load compiled template /..../welcome.tt.ttc:
| Insecure dependency in require while running with -T switch
| at /.../Template/Provider.pm line 425.
which is the line
eval { $data = require $compiled };
from the _fetch_path method
And then there are some really obscure errors and bugs like
"Bizarre copy of ARRAY/HASH in aassign at /../Carp/Heavy.pm"
or
"Undefined subroutine &File::Basename::dirname called at
/.../Template/Provider.pm line 707."
or
the CGI.pm function param() returning strings like
"<PARAM>fieldname</PARAM>" instead of the value of form fields,
but I think this is a problem with my mod_perl version, and has
no direct connection to the TT. I'm going to upgrade it on the
weekend, but not without somebody sitting beside me and holding
my hand in case I manage to completely break it...
cheers,
stefan
PS: I thought about sending patches for the taint checks, but I'm
not familiar enough with the TT internals (yet). Sorry.
