
This queue is for tickets about the DBIx-Sequence CPAN distribution.

Report information
The Basics
Id: 3856
Status: new
Priority: 0/
Queue: DBIx-Sequence

People
Owner: BBEAUSEJ [...] cpan.org
Requestors: trevor.schellhorn-perl [...] marketingtips.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.4
Fixed in: (no value)



Subject: Values pulled from database are tainted if Taint flag is on in dbh connection
This patch will fix the problem that occurs when you have the Taint flag turned on for the DBI connection. When the flag is on, any data pulled from the database needs to be de-tainted before it is used in any other SQL statements. It also fixes some problems with SQL statements being prepared but not being 'finish'ed before the DBI connection is closed.
--- DBIx-Sequence-1.4/Sequence.pm 2003-01-13 10:08:35.000000000 -0800
+++ Sequence.pm 2003-09-23 16:56:24.000000000 -0700
@@ -74,9 +74,10 @@
 while(my $released_id = $released_ids_sth->fetchrow())
 {
- if($self->_release_race_for($dataset, $released_id))
+ if($self->_release_race_for($dataset, ( $released_id =~ m/^(\d+)$/ )[0] ))
 {
 print STDERR "Returning released id $released_id\n" if $self->DEBUG_LEVEL();
+ $released_ids_sth->finish;
 return $released_id;
 }
 }
@@ -101,7 +102,7 @@
 my $current_sth = $self->{_current_sth};
 $current_sth->execute($dataset) || croak __PACKAGE__.": $DBI::errstr";
- my ($c_dataset, $current_id) = $current_sth->fetchrow();
+ my ($c_dataset, $current_id) = $current_sth->fetchrow(); $current_sth->finish;
 print STDERR "Returning CURRVAL $current_id for $c_dataset\n";
 return $current_id;
@@ -183,7 +184,7 @@
 my $bootstrap_sth = $self->{_dbh}->prepare($bootstrap_query) || croak __PACKAGE__.": $DBI::errstr";
 $bootstrap_sth->execute() || croak __PACKAGE__.": $DBI::errstr";
- my $bootstrap_id = $bootstrap_sth->fetchrow();
+ my $bootstrap_id = $bootstrap_sth->fetchrow(); $bootstrap_sth->finish;
 croak "Bootstrap() failed" if(!$bootstrap_id);
@@ -209,7 +210,7 @@
 my $init_sth = $self->{_init_sth};
 $current_sth->execute($dataset) || croak __PACKAGE__.": $DBI::errstr";
- my ($c_dataset, $current_id) = $current_sth->fetchrow();
+ my ($c_dataset, $current_id) = $current_sth->fetchrow(); $current_sth->finish;
 if(!$c_dataset)
 {
@@ -255,7 +256,7 @@
 while($got_id == 0)
 {
 $current_sth->execute($dataset) || croak __PACKAGE__.": $DBI::errstr";
- $current_id = $current_sth->fetchrow();
+ $current_id = ($current_sth->fetchrow() =~ m/^(\d+)$/ )[0]; $current_sth->finish;
 if(!$race_for_id || $race_for_id <= $current_id)
 {
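Review bot: In the first hunk (@@ -74) the untainted capture is only passed to `_release_race_for`; the debug print and `return $released_id;` still use the original variable, so with the Taint flag on the caller still receives a tainted id. Capturing once, `my ($clean_id) = $released_id =~ /\A([0-9]+)\z/;`, and using `$clean_id` for the call, the print and the return would make the laundering cover every use. The pattern itself is looser than it looks: `$` also matches before a trailing newline and `\d` can match non-ASCII digits, so `\A([0-9]+)\z` is the stricter check; the same pattern appears in the last hunk (@@ -255). A failed match silently passes undef to `_release_race_for`, which is worth rejecting explicitly.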
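Review bot: The `$current_id` fetched in the second hunk (@@ -101) is returned as fetched, without the digit-only untaint this patch applies elsewhere, so with the DBI Taint flag on callers presumably still get a tainted value from this path. The fetches at @@ -183 (`$bootstrap_id`) and @@ -209 (`$c_dataset`, `$current_id`) are likewise only given a `finish`; whether those values reach a later SQL statement is not visible, because the enclosing subs continue outside the hunks. If they do, the same check belongs there, e.g. `($current_id) = $current_id =~ /\A([0-9]+)\z/;` right after the fetch. A comment on each fetch stating whether the value is trusted or must be validated before reuse would make the intended taint boundary explicit.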
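Review bot: In the last hunk (@@ -255) a NULL or non-numeric row leaves `$current_id` undefined, and the next line then evaluates `$race_for_id <= $current_id` against undef instead of failing. Because the untaint regex is the only validation of this value, a failed match should stop the operation, for example `defined $current_id or croak __PACKAGE__.": non-numeric sequence value";` directly after the assignment. The `while($got_id == 0)` loop body continues outside the hunk, so how an undefined id is handled further down cannot be confirmed from here.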