Closed djstauffer closed 4 years ago
hurricup
commented
4 years ago Thanks!
Question. Shouldn't we use a ${^TAINT} to automatically handle this? Cause otherwise it won't work.
Or better let it be explicit.
Also, would be nice to put few lines in pod file about new option
djstauffer
commented
4 years ago On 3/17/20 1:10 AM, Alexandr Evstigneev wrote:
Thanks!
You are very welcome.
Question. Shouldn't we use a ${^TAINT} to automatically handle this? Cause otherwise it won't work.
${^TAINT} will be set to a 'truthy' value if taint mode is enabled. I guess it depends on if there is any value in letting the user control enabling taint mode compatibility within the debugger code.
With the patch I provided, it would not be necessary to check ${^TAINT}, and it would work (and does, I tested it :-D ) as long as you define the new environment variable.
After thinking about it, however, I'm having trouble coming up with a good reason that we should not just replace the check of the $CAMELCADEDB_TAINT_MODE_SUPPORT variable with a check for ${^TAINT}. If the user has enabled taint mode, then they are going to want the debugger to still work, and it won't without untainting those two variables.
I've updated the code on my end and tested this, and it works fine. So if you're in agreement, I'll push the changes up to my 'issue#29' branch.
djstauffer
commented
4 years ago Let me know if you want me to create a second pull request for the new change.
https://github.com/Camelcade/Devel-Camelcadedb/issues/29
This fix interprets a CAMELCADEDB_TAINT_MODE_SUPPORT environment variable with a 'truthy' value to mean that the PERL5_DEBUG_HOST and PERL5_DEBUG_PORT variables should be untainted before use.
The CAMELCADEDB_TAINT_MODE_SUPPORT variable can be set in the enviroment of the running Perl program (like PERL5_DEBUG_HOST and PERL5_DEBUG_PORT are).