On Thu, 14 Jun 2001, Stefan Weiss wrote:

> From: Jonas Liljegren <[EMAIL PROTECTED]>
>
> > Some problems came up with taintcheck in TT 2.01 while using cached
> > templates .. and noncached template handles in mod_perl...
>
> I just upgraded to 2.02 and have similar problems under mod_perl
> with PerlTaintCheck enabled.
>
>
> > Template::Document row 246: untaint $file
>
> Yup, same here:
> | Insecure dependency in open while running with -T switch
> | at /.../Template/Document.pm line 246.
>      which is the line
>        open(CFH, ">$file")
>      from the write_perl_file sub
>
>
> > Template::Provider row 709: untaint $compfile (and maybe $data->{'time'}?)
>
> Line 717 in v2.02
>
>
> > I think that was the only two I encountered.
>
> I had another one in Provider:
> | failed to load compiled template /..../welcome.tt.ttc:
> | Insecure dependency in require while running with -T switch
> | at /.../Template/Provider.pm line 425.
>      which is the line
>        eval { $data = require $compiled };
>      from the _fetch_path method

Yup, I see the same thing under 5.005_03. There is no problem with 5.6.1.

I've tried to supply the usual remedy from the perlsec manpage:

  $ENV{'PATH'} = '/bin:/usr/bin';
  delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

This shuts the second error with Provider.pm but not inside Document.pm.

_____________________________________________________________________
Stas Bekman              JAm_pH     --   Just Another mod_perl Hacker
http://stason.org/       mod_perl Guide  http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]   http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
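
The untainting requested above for the `open` and `require` call sites, sketched as an added example that is not part of the original thread and not Template Toolkit's own code. The cache directory, the helper name `untaint_cache_path` and the sample paths are assumptions constructed for illustration; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumed location of compiled templates (hypothetical, not from the thread).
my $CACHE_DIR = '/var/cache/tt';

# Return an untainted copy of $file when it is a plain path below $CACHE_DIR,
# or undef when it is not. Under -T a regex capture clears the taint flag, so
# the pattern must express the real policy, not just /(.*)/.
sub untaint_cache_path {
    my ($file) = @_;
    return undef unless defined $file;
    # Refuse NUL bytes and any ".." path component before matching.
    return undef if $file =~ /\0/ or $file =~ m{(?:^|/)\.\.(?:/|$)};
    # Allow only word characters, dot, slash and hyphen below the cache dir.
    return $1 if $file =~ m{\A(\Q$CACHE_DIR\E/[\w./-]+)\z};
    return undef;
}

# A zero-length slice of $^X is tainted under -T; appending it marks the
# constructed sample paths as tainted, like values derived from a request.
my $TAINT = substr($^X, 0, 0);

my @samples = (                      # constructed sample inputs
    '/var/cache/tt/welcome.tt.ttc',
    '/var/cache/tt/../../etc/passwd',
    '/tmp/welcome.tt.ttc',
);

for my $raw (@samples) {
    my $file  = $raw . $TAINT;
    my $clean = untaint_cache_path($file);
    if (defined $clean) {
        # $clean is no longer tainted, so open(CFH, ">$clean") or
        # "require $clean" would pass the -T dependency check.
        printf "%-34s in=%s out=%s\n", $raw,
            (tainted($file)  ? 'tainted' : 'clean'),
            (tainted($clean) ? 'tainted' : 'clean');
    }
    else {
        printf "%-34s rejected\n", $raw;
    }
}
```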



