Did you try moving these two lines:

    SV *ka_rv = *hv_fetch((HV*)DBIc_MY_H(imp_sth), keyattrib,strlen(keyattrib), TRUE);
    ka_rv = newSVsv(ka_rv); /* copy to invoke FETCH magic */

to the top of the function, specifically before the perl_call_method("fetch",)?

Tim.

On Sun, Feb 16, 2003 at 03:21:20PM +1100, Bradley Baetz wrote:
> I spent some time over the weekend looking at this, without much luck. I
> have a 'fix' - make FETCH IMA_NO_TAINT_IN|IMA_NO_TAINT_OUT, in DBI.pm.
>
> That works around the problem, but I'm not too sure that it's a
> valid fix.
>
> The alternate suggestion, given back in August (of just having the
> dispatch method test for methods starting with fetch, rather than
> testing in _set_fbav) also works, but then stuff like func isn't
> tainted.
>
> OTOH, this is just a workaround, and there is no guarantee that it
> won't break again.
>
> I'm not sure what Tim prefers. Both interpretations of TaintOut (ie
> taint data out, vs taint everything) are probably valid, as long as
> they're appropriately documented. Personally, I think that connecting to
> + relying on a database whose output you don't trust is a bit silly.
> Especially with TaintIn and TaintOut set, where you are going to want to
> use returned data from the db in subsequent statements, which is the
> problem here. TaintIn is a different story, though, which is why I
> wanted these split up to start with.
>
> I would like to know what the change made in perl5.6.1 which fixed this
> was, though - any clues?
>
> Thoughts?
>
> Bradley