Skip Menu |

This queue is for tickets about the Apache-Session CPAN distribution.

Report information
The Basics
Id: 8482
Status: stalled
Priority: 0/
Queue: Apache-Session

People
Owner: Nobody in particular
Requestors: andy [...] hybridized.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.6
Fixed in: (no value)



Subject: MySQL Session doesn't get removed when running in taint mode
I was running a mod_perl app with PerlTaint On and got this error message when I tried to untie a MySQL session. The session wasn't removed from the database. When I disabled PerlTaint, the error went away and the session was removed properly. [error] Insecure dependency in parameter 2 of DBIx::ContextualFetch::st=HASH(0xb55828c)->bind_param method call while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.4/Apache/Session/Store/DBI.pm line 113. The line in question is: $self->{remove_sth}->bind_param(1, $session->{data}->{_session_id}); Thanks, -Andy
On Nov. 16 16:41:18 2004, AGRUNDMA wrote: Show quoted text
> I was running a mod_perl app with PerlTaint On and got this error > message when I tried to untie a MySQL session. The session wasn't > removed from the database.
Is session id that you transfer to tie, tainted? It should be untainted to use. Apache::Session verifies session id in tie call. -- Alexandr Ciornii, http://chorny.net