This queue is for tickets about the MIME-tools CPAN distribution.

Report information
The Basics
Id: 97886
Status: new
Priority: 0/
Queue: MIME-tools

People
Owner: Nobody in particular
Requestors: damien [...] ideal-logic.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Parser::Filer breaks in Taint mode
Date: Fri, 8 Aug 2014 14:47:16 -0700
To: bug-MIME-tools [...] rt.cpan.org
From: Damien Forkner <damien [...] ideal-logic.com>

Thank you for a very useful piece of software!

We run all of our Perl code with taint checking enabled, and we've noticed that you have two methods in the MIME::Parser::Filer class that use the '$$' variable to generate temporary filenames. This variable is tainted, and as a result, when attempting to parse a message with Taint mode on, an "Insecure dependency" exception is generated whenever your module attempts to open a temporary file.

This can be fixed by untainting the '$$' variable before it is used to construct the temporary filename.

Thought you might like to know. Thanks again!

Sincerely,
Damien Forkner
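
The untainting step suggested in the report, shown as an added Perl example (not code from MIME-tools or from the reporter). A constructed tainted copy of the PID stands in for the value the report describes; the helper names and the `demo-...` file name format are hypothetical.

```perl
# Run as: perl -T taint_demo.pl   (script name is arbitrary)
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Untaint by validation: only a digits-only value passes, and only the
# regex capture (which Perl treats as clean) is returned.
sub untaint_pid {
    my ($pid) = @_;
    $pid =~ /\A([0-9]+)\z/ or die "unexpected PID value\n";
    return $1;
}

# Hypothetical name format, not the one MIME::Parser::Filer uses.
sub temp_path {
    my ($pid) = @_;
    return File::Spec->catfile(File::Spec->tmpdir, "demo-$pid-" . time . ".tmp");
}

# Exclusive create, so an existing file or symlink is never followed.
sub create_file {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "sysopen $path: $!\n";
    close $fh;
    return 1;
}

# Constructed input: a PID string made tainted by appending a zero-length
# slice of tainted data (program name, interpreter path, environment).
my $tainted_pid = $$ . substr(join('', $0, $^X, values %ENV), 0, 0);
die "could not construct a tainted value\n" unless tainted($tainted_pid);

# A name derived from tainted data is rejected before any file is created.
my $ok = eval { create_file(temp_path($tainted_pid)) };
print "tainted name:   ", ($ok ? "created\n" : "rejected: $@");

# The same value, validated first, yields a clean name that can be created.
my $clean = temp_path(untaint_pid($tainted_pid));
print "clean name is tainted? ", (tainted($clean) ? "yes" : "no"), "\n";
create_file($clean);
unlink $clean or warn "unlink $clean: $!\n";
print "untainted name: created and removed $clean\n";
```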