| Subject: | Failure to create a user with the DBI backend |
POE-Component-UserBase-0.09.tar.gz v2@vaio:~$ perl -v This is perl, v5.8.4 built for i386-linux-thread-multi v2@vaio:~$ uname -a Linux vaio 2.6.8-vaio #1 Tue Sep 14 12:57:20 BST 2004 i686 GNU/Linux
The _create_dbi subroutine incorrectly handles the username/password/domain/persistent data supplied by a client:
sub _create_dbi {
my ($heap,$href) = @_;
my $stm = <<_EOSTM_;
insert into $heap->{Table} ($heap->{UserColumn},
$heap->{DomainColumn},
$heap->{PasswordColumn},
$heap->{PersistentColumn}
)
values('$heap->{user_name}',
'$heap->{domain}',
'$heap->{password}',
'$heap->{persistent}')
_EOSTM_
my $sth = $heap->{Connection}->prepare($stm);
my $rv = $sth->execute();
$sth->finish();
}
the values used in the INSERT statement should read:
values('$href->{user_name}',
'$href->{domain}',
'$href->{password}',
'$href->{persistent}')
As teh arguments are not supplied to the routine via the $heap variable, but are infact passed in via the $href/second argument.