Bug #13974 for Maypole: Maypole is not taint-safe

RT for rt.cpan.org

This queue is for tickets about the Maypole CPAN distribution.

Report information

The Basics

Id:	13974
Status:	new
Priority:	0/
Queue:	Maypole

People

Owner:	TEEJAY [...] cpan.org
Requestors:	dhoworth [...] mrc-lmb.cam.ac.uk
Cc:
AdminCc:

Bug Information

Severity:	Wishlist
Broken in:	2.10
Fixed in:	(no value)

History Show all quoted text

Tue Aug 02 08:30:55 2005 Guest - Ticket created

Subject:

Maypole is not taint-safe

Turning on taint checking by adding -T at the start of beer.cgi results in the following error message: undef error - Insecure dependency in parameter 1 of DBIx::ContextualFetch::db=HASH(0x87a4590)->prepare_cached method call while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Ima/DBI.pm line 391.

Tue Aug 02 10:32:19 2005 TEEJAY [...] cpan.org - Taken

Tue Aug 02 10:33:33 2005 TEEJAY [...] cpan.org - Correspondence added

[guest - Tue Aug 2 08:30:55 2005]: Show quoted text

> Turning on taint checking by adding -T at the start of beer.cgi > results in the following error message: > > undef error - Insecure dependency in parameter 1 of > DBIx::ContextualFetch::db=HASH(0x87a4590)->prepare_cached method call > while running with -T switch at > /usr/lib/perl5/site_perl/5.8.6/Ima/DBI.pm line 391.

I don't think this is very urgent, but may look at in 2.12 which would be a good time to audit the application properly.