Skip Menu |

This queue is for tickets about the Apache-Session CPAN distribution.

Report information
The Basics
Id: 8482
Status: stalled
Priority: 0/
Queue: Apache-Session
People
Owner: Nobody in particular
Requestors: andy [...] hybridized.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 1.6
Fixed in: (no value)

History Show all quoted text
  Tue Nov 16 16:41:18 2004 AGRUNDMA [...] cpan.org - Ticket created
Subject: MySQL Session doesn't get removed when running in taint mode
I was running a mod_perl app with PerlTaint On and got this error message when I tried to untie a MySQL session. The session wasn't removed from the database. When I disabled PerlTaint, the error went away and the session was removed properly. [error] Insecure dependency in parameter 2 of DBIx::ContextualFetch::st=HASH(0xb55828c)->bind_param method call while running with -T switch at /usr/lib/perl5/vendor_perl/5.8.4/Apache/Session/Store/DBI.pm line 113. The line in question is: $self->{remove_sth}->bind_param(1, $session->{data}->{_session_id}); Thanks, -Andy
  Sat Mar 10 18:42:00 2007 CHORNY [...] cpan.org - Correspondence added
On Nov. 16 16:41:18 2004, AGRUNDMA wrote: Show quoted text
> I was running a mod_perl app with PerlTaint On and got this error > message when I tried to untie a MySQL session. The session wasn't > removed from the database.
Is session id that you transfer to tie, tainted? It should be untainted to use. Apache::Session verifies session id in tie call. -- Alexandr Ciornii, http://chorny.net
  Sat Mar 10 18:42:03 2007 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 10 18:42:04 2007 CHORNY [...] cpan.org - Status changed from 'open' to 'stalled'