this isn't actually the version I want to commit against; I think this should go against master, but couldn't figure out how to open the pull request unless I went older.
anyway...
I’ve noticed some unhappy Perl behavior in our RHEL 7 environment, up against current CPAN releases.
Specifically, we would get Perl errors running pages that depended on the taint features. Specifically, the files:
[root@blah cgi]# ls -l Untaint*
-rw-rw-r--. 1 root root 1347 May 17 18:40 UntaintEmail.pm
-rw-rw-r--. 1 root root 1231 May 17 18:41 UntaintHTML.pm
-rw-rw-r--. 1 root root 1162 Jul 20 2017 UntaintInput.pm
-rw-rw-r--. 1 root root 1263 May 17 18:44 UntaintInteger.pm
-rw-rw-r--. 1 root root 1553 May 17 18:42 UntaintListOfHTML.pm
-rw-rw-r--. 1 root root 1242 May 17 18:42 UntaintListOfInts.pm
-rw-rw-r--. 1 root root 1233 May 17 18:42 UntaintListOfWords.pm
Would give scoping complaints about not being able to find Perl dependencies.
After I modified those use statements to be less specific, everything gets happy and runs…
an example:
[root@ip-10-5-32-33 cgi]# grep use UntaintEmail.pm
DocDB is distributed in the hope that it will be useful,
use strict;
use base 'CGI::Untaint::object';
use base 'CGI::Untaint’;
replacing the line as I did, makes the code run rather than error out.
If more people are getting this problem than just us, I would humbly suggest I make a patch for the files I needed to change to get the code working, and we consider applying it to the codebase.
this isn't actually the version I want to commit against; I think this should go against master, but couldn't figure out how to open the pull request unless I went older.
anyway...
I’ve noticed some unhappy Perl behavior in our RHEL 7 environment, up against current CPAN releases.
Specifically, we would get Perl errors running pages that depended on the taint features. Specifically, the files:
[root@blah cgi]# ls -l Untaint* -rw-rw-r--. 1 root root 1347 May 17 18:40 UntaintEmail.pm -rw-rw-r--. 1 root root 1231 May 17 18:41 UntaintHTML.pm -rw-rw-r--. 1 root root 1162 Jul 20 2017 UntaintInput.pm -rw-rw-r--. 1 root root 1263 May 17 18:44 UntaintInteger.pm -rw-rw-r--. 1 root root 1553 May 17 18:42 UntaintListOfHTML.pm -rw-rw-r--. 1 root root 1242 May 17 18:42 UntaintListOfInts.pm -rw-rw-r--. 1 root root 1233 May 17 18:42 UntaintListOfWords.pm
Would give scoping complaints about not being able to find Perl dependencies.
After I modified those use statements to be less specific, everything gets happy and runs…
an example:
[root@ip-10-5-32-33 cgi]# grep use UntaintEmail.pm
DocDB is distributed in the hope that it will be useful,
use strict;
use base 'CGI::Untaint::object';
use base 'CGI::Untaint’;
replacing the line as I did, makes the code run rather than error out.
If more people are getting this problem than just us, I would humbly suggest I make a patch for the files I needed to change to get the code working, and we consider applying it to the codebase.
Untaint_dependencies.zip