| Subject: | doesn't work in taint mode |
Nice module!
However, it does not work properly in taint mode, i.e. the utf-8 bit
does not get set. The reason for this is that Ima::DBI marks values
fetched from the database as tainted, but Encode::_utf8_on() (as used in
the trigger sub established by ->utf8_columns) does not work for tainted
values.
I think this could be fixed with the following patch:
155c155
< use Encode qw( encode_utf8 decode_utf8 );
---
Show quoted text
> use Encode qw( decode_utf8 is_utf8 );
201c201,202
< Encode::_utf8_on($self->{$_}) if defined($self->{$_});
---
Show quoted text> $self->{$_} = decode_utf8( $self->{$_} )
> if defined $self->{$_} && !is_utf8( $self->{$_} );
If you would rather not change it, I suggest to at least document it and
maybe spit out a warning when running with taint mode activated.
Regards,
fany