| Subject: | CHI::File taint-checks fail with mod_perl |
When running CHI with File back-end on a web server with Apache / mod_perl there is a lot of grievance with taint checks failing. I was unable to replicate the issue from command-line.
My suggested fix is to un-taint the directory and filename parameters.
| Subject: | taint.patch |
--- CHI/Driver/File.pm.orig 2013-04-02 11:27:05.792619858 +0300
+++ CHI/Driver/File.pm 2013-04-02 11:29:05.834897810 +0300
@@ -63,7 +63,8 @@
{
$new_key = $self->digest_key($new_key);
}
- return $new_key;
+ die "fail!" if ($new_key !~ /^(.+)$/);
+ return $1;
}
sub unescape_key {
@@ -234,7 +235,8 @@
$filepath = fast_catfile( @paths, $filename );
}
- return $filepath;
+ die "fail!" if ($filepath !~ /^(.+)$/);
+ return $1;
}
1;