Subject: taint mode problem
Hi, Joshua and Seth!
Thank you for this nice module Authen::Captcha (1.023).
I came across the same problem about taint mode as posted in the previous bug report.
I'm just a beginner at Perl, and according to my limited experience,
I think the problem is that $data_code or $png_file should have been untainted before unlink($png_file) is called. This can be found in lines 256, 261 and 359 of Authen/Captcha.pm.
My workaround is to untaint $data_code:
    if ( $data_code =~ /^([\da-f]{32})$/i )
    { $data_code = $1; }   # the captured group is untainted
    else
    { print "tainted value!\n";
      exit;
    }
    $png_file = ...
    unlink($png_file) ...
I'm looking forward to the solution of this problem.
Beff
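
The untainting approach described in the message above, shown end to end as an added example; it is not code from the original report or from Authen::Captcha. The names untaint_code and remove_png, the /tmp directory and the sample code value are assumptions made for the demonstration, and the script must be started as `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run as: perl -T <script>\n" unless ${^TAINT};

# Hypothetical helper: return an untainted copy of a 32-hex-digit code, or undef.
sub untaint_code {
    my ($code) = @_;
    return undef unless defined $code;
    # \A and \z anchor the whole string; a bare $ would also accept a trailing newline.
    return $code =~ /\A([0-9a-f]{32})\z/i ? $1 : undef;
}

# Hypothetical helper: delete <dir>/<code>.png only when the code validates.
sub remove_png {
    my ($dir, $code) = @_;
    my $clean = untaint_code($code) or return 0;
    return unlink("$dir/$clean.png");
}

my $dir  = '/tmp';                                # assumed writable directory
my $code = 'd41d8cd98f00b204e9800998ecf8427e';    # constructed sample code

# Create the image file the captcha code would refer to.
open my $fh, '>', "$dir/$code.png" or die "cannot create file: $!";
close $fh;

# Simulate the code arriving from a form field: appending tainted data
# (even zero bytes of it) taints the whole string.
my $from_user = $code . substr($^X, 0, 0);
print "input tainted: ", (tainted($from_user) ? "yes" : "no"), "\n";

# Without validation, taint mode refuses the unlink.
my $raw = eval { unlink("$dir/$from_user.png") };
print "raw unlink: ", ($@ ? "refused by taint mode" : "ran"), "\n";

# A value that does not look like a code never reaches unlink.
print "bad code removed: ", remove_png($dir, "../$from_user"), "\n";

# After validation, the same input is accepted and the file is removed.
print "good code removed: ", remove_png($dir, $from_user), "\n";
```

Because the pattern admits only 32 hex digits, the untainted value cannot carry path separators, so the check doubles as input validation rather than just silencing the taint error.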