Skip Menu |

This queue is for tickets about the XML-RSS CPAN distribution.

Report information
The Basics
Id: 52334
Status: resolved
Priority: 0/
Queue: XML-RSS
People
Owner: SHLOMIF [...] cpan.org
Requestors: jeff [...] rev.net
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Dec 01 16:04:00 2009 jeff [...] rev.net - Ticket created
Subject: Taint problem on save
Date: Tue, 01 Dec 2009 16:03:19 -0500
To: bug-XML-RSS [...] rt.cpan.org
From: Jeffrey Culverhouse <jeff [...] rev.net>
I am using XML::RSS version 1.46 on Perl ver 5.10.0. When using $rss->parsefile() to read an existing RSS file, the encoding is read from the file and saved in the object. Later, when $rss->save() is called to save the RSS object, if taint mode checking is on in the perl program, this error occurs: Insecure dependency in open while running with -T switch at [...]/XML/RSS.pm line 1353 because the encoding is used in the open command in the save() function at that line, but has not been verified and untainted as a valid encoding type. I am getting around this problem for now by simply setting: $rss->{'encoding'} = 'UTF-8' right after calling parsefile() jeff -- Rev.Net Internet Access & Services "The power of a good connection" Jeffrey Culverhouse - Vice President O:540-772-3282 x715 F:540-772-0573 jeff@rev.net "When woodland halls are green and cool, and wind is in the West, Come back to me! Come back to me, and say my land is best!" J.R.R Tolkien
  Wed Dec 02 04:20:21 2009 SHLOMIF [...] cpan.org - Correspondence added
On Tue Dec 01 16:04:00 2009, jeff@rev.net wrote: Show quoted text
> > I am using XML::RSS version 1.46 on Perl ver 5.10.0. > > When using $rss->parsefile() to read an existing RSS file, the encoding > is read from the file and saved in the object. Later, when $rss->save() > is called to save the RSS object, if taint mode checking is on in the > perl program, this error occurs: > > Insecure dependency in open while running with -T switch at > [...]/XML/RSS.pm line 1353 > > because the encoding is used in the open command in the save() function > at that line, but has not been verified and untainted as a valid > encoding type. > > I am getting around this problem for now by simply setting: > > $rss->{'encoding'} = 'UTF-8' > > right after calling parsefile()
Thanks! I took a look and can see it now. I'll fix it soon. Regards, -- Shlomi Fish Show quoted text
> > > jeff >
  Wed Dec 02 04:20:21 2009 The RT System itself - Status changed from 'new' to 'open'
  Tue Dec 08 16:56:28 2009 SHLOMIF [...] cpan.org - Correspondence added
Fixed in trunk and in the upcoming XML-RSS-1.47 . Regards, -- Shlomi Fish
  Tue Dec 08 16:56:30 2009 SHLOMIF [...] cpan.org - Status changed from 'open' to 'resolved'
  Tue Dec 08 16:56:31 2009 SHLOMIF [...] cpan.org - Given to SHLOMIF