"Kevin Spencer" <[EMAIL PROTECTED]> writes:

[...]

> Using the URL:
>
> http://myserverhere/cgi-bin/taint-test/taint.pl?log=foo
>
> Produces:
>
> Oops! Where's the taint?!?
>
> $^TAINT=1

CGI.pm uses $r->args to get at the query string,
which isn't marked as tainted by mod_perl2.  Arguably
it's a bug in mod_perl, but you could use APR::Request
instead, which marks all params tainted.

-- 
Joe Schaefer
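
The practical consequence of the reply above, as an added example that is not part of the original thread: taint mode only guards values that actually carry the taint flag, so a handler should validate the parameter whether or not it is flagged. The helper name `clean_log_name`, the allow-list pattern, and the sample values are assumptions made for illustration; an unflagged literal stands in for a query string that arrives untainted.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_check.pl   (file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: $0 and $^X originate outside the program,
# so they are tainted under -T, and concatenation propagates the flag.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical helper: accept a "log" parameter only if it matches an
# allow-list pattern. The check does not depend on the taint flag, so it
# also covers input that reaches the script without being marked tainted.
sub clean_log_name {
    my ($value) = @_;
    return unless defined $value;
    # Capturing through a regex is Perl's standard way to untaint a value.
    return $value =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# Constructed sample inputs: [label, value].
my @samples = (
    [ 'flagged, valid',     'foo' . $TAINT ],
    [ 'unflagged, valid',   'foo' ],
    [ 'flagged, invalid',   'foo/../bar' . $TAINT ],
    [ 'unflagged, invalid', 'foo/../bar' ],
);

for my $sample (@samples) {
    my ($label, $raw) = @$sample;
    my $clean = clean_log_name($raw);
    printf "%-20s tainted=%d -> %s\n",
        $label,
        tainted($raw) ? 1 : 0,
        defined $clean ? "accepted '$clean'" : 'rejected';
}
```

The unflagged rows are the case from the thread: Perl would let those values reach a file open or a shell call without complaint, and only the explicit pattern check stops the invalid one.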
