James Tolley wrote:
> Hi,
>
> Date::Manip is used from a module that's used from a handler. Perl dies
> when I try to ParseDate or UnixDate a date - saying that $ENV{PATH} is
> insecure.
>
> I've tried to set $ENV{PATH} = '...' in a BEGIN block, and I've tried
> setting it from PerlSetEnv PATH ...
>
> How can I untaint $ENV{PATH}??

Did you localize it in the BEGIN block? Where was this block defined?


You should be able to easily reproduce the problem outside mod_perl, turning it into a perl question ;) e.g.:

% perl -wTle 'print `ls`'
Insecure $ENV{PATH} while running with -T switch at -e line 1.

% perl -wTle 'local $ENV{PATH} = "/bin"; print `ls`'
Insecure $ENV{BASH_ENV} while running with -T switch at -e line 1.

% perl -wTle 'local $ENV{PATH} = "/bin"; local $ENV{qw(BASH_ENV)}; print `ls`'
a.out
...



__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
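
An added example (not part of the original message): a taint-mode wrapper that gives external commands a fixed PATH and removes the shell variables perlsec says to clear, restoring the caller's environment afterwards. The helper names and the `/bin:/usr/bin` value are assumptions.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T clean_env.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec: besides PATH, clear these before running a subprocess.
my @SHELL_VARS = qw(IFS CDPATH ENV BASH_ENV);

# Assumption: fixed, absolute directories that only root can write to.
my $SAFE_PATH = '/bin:/usr/bin';

# Names of the variables above (plus PATH) that are currently tainted.
sub tainted_env {
    return grep { exists $ENV{$_} && tainted($ENV{$_}) } 'PATH', @SHELL_VARS;
}

# Run $code with a clean environment. local restores the caller's values
# on scope exit, so other code in the same interpreter is unaffected.
sub with_clean_env {
    my ($code) = @_;
    local $ENV{PATH} = $SAFE_PATH;
    local @ENV{@SHELL_VARS};      # save the originals for restoration
    delete @ENV{@SHELL_VARS};     # then remove them for the child process
    return $code->();
}

# Demo (constructed): state before, inside, and after the wrapper.
print "tainted before: @{[ tainted_env() ]}\n";
my @files = with_clean_env(sub {
    print "tainted inside: @{[ tainted_env() ]}\n";
    return `ls /`;                # dies outside the wrapper under -T
});
print scalar(@files), " entries listed\n";
print "tainted after:  @{[ tainted_env() ]}\n";
```

Because the changes are localised, the original tainted values are back once the wrapper returns, so each call site that runs an external command needs to go through it.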


