Well, for now I've diagnosed it to crook due to the cookies/session operation, because once I remove the cookie from my browser, everything works correctly (if I logged on to the suspicious page just before).

It seems reasonable in theory that DBI's Taintness operation finds the session/cookie grabbing and setting as problematic and non-trustworthy, although it's not a GET/POST parameter but a simple %cookies = fetch CGI::Cookie;

For general reference, these are the modules I have on the test page:

    use strict;
    use Apache::Session::MySQL;
    use CGI::Cookie;
    use Scalar::Util::Numeric qw(isnum);
    use Apache2::Cookie;
    use Apache2::Request;
    use Apache2::Connection;

Even if the DBI considers the cookie/session functions as tainted, and indeed the page cannot be loaded, why on earth will it continue to work like that in other pages? It's as if I enter this page one time, and since then all other pages are Tainted-enabled also, and I have to remove the cookie.

I really would like to get DBI to scream out when it finds a tainted variable, not hold the entire operation and withhold any further information.

Using telnet/netcat is nice, but it will be a nightmare to write a debugger script that will simulate all of the operations up to that point (login, submission of data to the page).

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins
Sent: Monday, April 21, 2008 5:54 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness

On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> It's stuck on "Waiting for... " in the status bar

Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-request, this is a good time to learn. Just google "telnet 80 debugging" or something similar to find some guides to get you started.

- Perrin
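
Added example, not part of the original thread or of either poster's code: with DBI's TaintIn attribute set under perl -T, a tainted argument makes the DBI call die, so wrapping the call in eval surfaces the message, and a cookie-derived session id can be untainted by validating it with a regex capture. Assumptions: DBD::SQLite in memory stands in for MySQL, the table layout is the sessions(id, a_session) one used by Apache::Session, the session id is 32 lowercase hex characters, and the sample id and the helper names lookup and untaint_sid are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T this_script.pl   (needs DBI and DBD::SQLite installed)
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed stand-in for a cookie value. Under -T, appending a zero-length
# tainted string ($0 and $^X are tainted) taints the whole scalar.
my $sid_literal = 'a3f1c2d4e5b6978812345678deadbeef';    # constructed sample id
my $cookie_sid  = $sid_literal . substr("$0$^X", 0, 0);
die "taint mode is off, run with perl -T\n" unless tainted($cookie_sid);

# TaintIn => 1: DBI checks method arguments for taint before running them.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE sessions (id TEXT PRIMARY KEY, a_session TEXT)');
$dbh->do('INSERT INTO sessions VALUES (?, ?)', undef, $sid_literal, 'payload');

# Hypothetical helper: run the lookup and log DBI's own error text
# instead of letting the request fail silently.
sub lookup {
    my ($sid) = @_;
    my $row = eval {
        $dbh->selectrow_arrayref(
            'SELECT a_session FROM sessions WHERE id = ?', undef, $sid);
    };
    warn "DBI rejected the call: $@" if $@;
    return $row ? $row->[0] : undef;
}

# Hypothetical helper: untaint only by validation. A regex capture ($1)
# is untainted; anything that does not match the expected shape is dropped.
sub untaint_sid {
    my ($raw) = @_;
    return $raw =~ /\A([0-9a-f]{32})\z/ ? $1 : undef;
}

my $before = lookup($cookie_sid);             # tainted argument: dies inside eval
my $clean  = untaint_sid($cookie_sid);
my $after  = defined $clean ? lookup($clean) : undef;

printf "tainted lookup:   %s\n", defined $before ? $before : 'refused';
printf "validated lookup: %s\n", defined $after  ? $after  : 'no session';
```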