
This queue is for tickets about the Class-DBI-mysql CPAN distribution.

Report information
The Basics
Id: 3835
Status: resolved
Priority: 0/
Queue: Class-DBI-mysql

People
Owner: Nobody in particular
Requestors: kingsley [...] kingsleysoftware.com
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: 0.19



From: Kingsley Kerce <kingsley [...] kingsleysoftware.com>
Date: Sun, 21 Sep 2003 21:08:37 -0400
To: tony [...] tmtm.com
Subject: Bug in Class::DBI::mysql 0.17
Hi Tony --

First, thanks for contributing some great Perl modules.

I recently began using Class::DBI::mysql rather than Class::DBI, and immediately encountered a problem with tainted data. (My code ran fine with -T when using Class::DBI.)

I noticed that the Changes file in the Class::DBI::mysql 0.17 distribution says:

    0.13 2002-03-09
    - untaint the column names in set_up_table

I looked at set_up_table() in the 0.13 distro, and saw some code to untaint column names, but that code seems to have disappeared by version 0.17.

When I put the untainting back into 0.17's set_up_table(), my problem went away. Let me know what you think...

Thanks,
Kingsley
> I looked at set_up_table() in the 0.13 distro, and saw some code to
> untaint column names, but that code seems to have disappeared by
> version 0.17.
> When I put the untainting back into 0.17's set_up_table(), my problem
> went away. Let me know what you think...

Well spotted. Not sure how that one escaped!

Hopefully this should be fixed in 0.19 which has just been uploaded to CPAN.

Thanks,
Tony
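
For readers unfamiliar with the technique the ticket refers to, here is an added example (not part of the ticket and not the Class::DBI::mysql source) of untainting column names under `-T` with an allowlist pattern. The helper `untaint_column`, the sample column names, and the assumption that the names arrive tainted are all illustrative.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_columns.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, $0 and $^X are tainted; a zero-length slice of them taints any
# string it is appended to without changing its contents.
my $taint = substr("$0$^X", 0, 0);

# Constructed sample: column names standing in for values handed back by a
# database driver as tainted data. The last one is deliberately malformed.
my @from_db = map { $_ . $taint } ('id', 'title', 'release_date', 'bad name;');

# Hypothetical helper: accept only plain identifier characters and return the
# regex capture, which Perl treats as untainted. Anything else is rejected
# instead of being passed through.
sub untaint_column {
    my ($name) = @_;
    return $1 if defined $name && $name =~ /\A(\w+)\z/;
    return;
}

for my $col (@from_db) {
    my $clean = untaint_column($col);
    if (defined $clean) {
        printf "%-14s tainted=%d -> after untaint: tainted=%d\n",
            $col, tainted($col) ? 1 : 0, tainted($clean) ? 1 : 0;
    }
    else {
        printf "%-14s rejected (not a plain identifier)\n", "'$col'";
    }
}
```

The capture only launders the taint flag, so the pattern has to be a strict allowlist; a permissive pattern such as `(.*)` would mark arbitrary input as trusted.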