search

abw / Template2

Perl Template Toolkit v2
http://template-toolkit.org/
146 stars 94 forks source link

taint warning for Template::Provider #258

Closed fche closed 4 years ago

fche commented 4 years ago

Observed under bugzilla 5.04, running perl-Template-Toolkit 3.007:

[Fri Mar 27 22:03:49 2020] showdependencytree.cgi: Use of uninitialized value $compiled in concatenation (.) or string at /usr/lib64/perl5/vendor_perl/Template/Provider.pm line 588.
[Fri Mar 27 22:03:49 2020] showdependencytree.cgi: compiled template : Insecure dependency in require while running with -T switch at /usr/lib64/perl5/vendor_perl/Template/Provider.pm line 587.

<LpSolit> _load_compiler() in Template::Provider reports an insecure dependency warning. $fpath must be detained before being passed to require.

atoomic commented 4 years ago

Thanks for the fix @jwakely this will be in the coming 3.008 release