Professional Web Applications Themes

Problem with Date::Manip, taint mode, and CGI::Carp. - PERL Miscellaneous

Hi, everyone. I'm entering the wonderful world of "taint mode" and having several interesting sorts of problems with it. Most of them are pretty straightforward and I can get around them. I've found a problem, though, that I can't get around, and it's an odd one. I use Date::Manip. It's a favorite of mine, and fast enough for what I'm doing. I also use CGI::Carp. In taint mode, those two don't work together. I have to use 'BEGIN' to load Date::Manip, so there's a chance to clean up PATH to something sensible. I'd found it, and one of the articles ...

  1. #1

    Default Problem with Date::Manip, taint mode, and CGI::Carp.


    Hi, everyone. I'm entering the wonderful world of "taint mode" and having
    several interesting sorts of problems with it. Most of them are pretty
    straightforward and I can get around them.

    I've found a problem, though, that I can't get around, and it's an odd one.

    I use Date::Manip. It's a favorite of mine, and fast enough for what I'm
    doing. I also use CGI::Carp.

    In taint mode, those two don't work together.

    I have to use 'BEGIN' to load Date::Manip, so there's a chance to clean up
    PATH to something sensible. I'd found it, and one of the articles on
    Randal L. Schwartz's website
    ([url]http://www.stonehenge.com/merlyn/WebTechniques/col66.html[/url]) verified for
    me that this was needed. (Thanks very much, Randal!)

    However, one of my CGI scripts wouldn't work, and I'm stumped as to why.
    Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check to see
    if we're in Taint mode.

    If I have a script:

    #!/usr/bin/perl -T
    use strict;
    use warnings;

    # Uncomment this to break the script.
    #use CGI::Carp('fatalsToBrowser');

    BEGIN {
    $ENV{PATH}='/bin:/usr/bin';
    require Date::Manip;
    Date::Manip->import();
    Date::Manip::Date_Init("Internal=1");
    }

    __END__

    Anyone have any idea why, or what's to be done about this? I can copy and
    paste the line in Date::Manip that breaks in to my own script, and it works
    fine; it's only a problem in Date::Manip.

    Any suggestions or ideas would be very welcome!

    Thank you all very much!

    --
    Louis Erickson - [email]wwonkordwarf.com[/email] - [url]http://www.rdwarf.com/~wwonko/[/url]

    There are people so addicted to exaggeration that they can't tell the
    truth without lying.
    Louis Erickson Guest

  2. #2

    Default Re: Problem with Date::Manip, taint mode, and CGI::Carp.

    Louis Erickson wrote:
    > Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check
    > to see if we're in Taint mode.
    >
    > If I have a script:
    >
    > #!/usr/bin/perl -T
    > use strict;
    > use warnings;
    >
    > # Uncomment this to break the script.
    > #use CGI::Carp('fatalsToBrowser');
    >
    > BEGIN {
    > $ENV{PATH}='/bin:/usr/bin';
    > require Date::Manip;
    > Date::Manip->import();
    > Date::Manip::Date_Init("Internal=1");
    > }
    >
    > __END__
    The above works fine for me with Perl 5.8.0 on W98, also when I use
    'fatalsToBrowser'. Maybe it's a version inconsistency thing.

    --
    Gunnar Hjalmarsson
    Email: [url]http://www.gunnar.cc/cgi-bin/contact.pl[/url]

    Gunnar Hjalmarsson Guest

  3. #3

    Default Re: Problem with Date::Manip, taint mode, and CGI::Carp.

    Louis Erickson <wwonkordwarf.com> wrote in message news:<biuk8d$89q$1holly.rdwarf.com>...
    >
    > #!/usr/bin/perl -T
    > use strict;
    > use warnings;
    >
    > # Uncomment this to break the script.
    > #use CGI::Carp('fatalsToBrowser');
    >
    > BEGIN {
    > $ENV{PATH}='/bin:/usr/bin';
    > require Date::Manip;
    > Date::Manip->import();
    > Date::Manip::Date_Init("Internal=1");
    > }
    >
    > __END__
    >
    > Anyone have any idea why, or what's to be done about this? I can copy and
    > paste the line in Date::Manip that breaks in to my own script, and it works
    > fine; it's only a problem in Date::Manip.
    Just a stab in the dark here, but have you moved the 'use CGI::Carp
    ....' line _below_ the BEGIN block of your script? I'm thinking that,
    because you're setting your PATH in the BEGIN block, the CGI::Carp
    module is being flagged as 'tainted'.

    Again - just a stab in the dark.

    HTH

    Jim
    James Willmore Guest

Similar Threads

  1. PRecur from Date::Manip
    By Arndt, Tobias in forum PERL Modules
    Replies: 2
    Last Post: November 14th, 04:13 PM
  2. taint mode for cgi script
    By Vic in forum PERL Beginners
    Replies: 4
    Last Post: September 1st, 05:42 PM
  3. Problem with FindBin and taint mode under Windows
    By Louis Erickson in forum PERL Miscellaneous
    Replies: 0
    Last Post: August 19th, 11:12 PM
  4. Taint Mode Newbie Help
    By sekdab in forum PERL Miscellaneous
    Replies: 2
    Last Post: July 19th, 03:41 PM
  5. Distributed CGI script in taint mode (re-post)
    By Helgi Briem in forum PERL Miscellaneous
    Replies: 1
    Last Post: June 24th, 04:16 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139