On 6 Sep 2001 [EMAIL PROTECTED] wrote:
> stas 01/09/05 19:36:44
>
> Modified: perl-framework/Apache-Test/lib/Apache TestConfig.pm
> TestConfigParse.pm
> Log:
> - enable taint mode in tests via PerlSwitches -T
> - untaint $ENV{PATH} before using open "-|"
[snip]
> diff -u -r1.7 -r1.8
> --- TestConfigParse.pm 2001/08/20 15:20:50 1.7
> +++ TestConfigParse.pm 2001/09/06 02:36:44 1.8
> @@ -220,6 +220,8 @@
>
> my $version;
> my $cmd = "$httpd -v";
> + # untaint
> + $ENV{PATH} = '/bin:/usr/bin';
> open my $v, '-|', $cmd or die "$cmd failed: $!";
>
> local $_;
This breaks on mine even though $httpd is an absolute path at this point.
I'm not familiar enough with Perl to know why this should be, but is there
a better way (like $ENV{PATH} = '/bin:/usr/bin' unless $httpd =~ m:^/:;).
Would that successfully untaint it?
I can't tell, since mine doesn't complain about it being tainted at this
point and I can't figure out a way to make it do so. Why do you need to
untaint here anyway? Is this something from mod_perl? I'm confused!
Gary
[ Gary Benson, Red Hat Europe ][ [EMAIL PROTECTED] ][ GnuPG 60E8793A ]
