Bod has asked for the wisdom of the Perl Monks concerning the following question:
Still trying to get to grips with taint mode...
What is the best course of action when a CPAN module throws an error under taint mode?
I am getting: Insecure $ENV{PATH} while running with -T switch at /usr/local/share/perl5/MIME/Lite.pm line 2697, <DATA> line 1000.
This appears to be a documented bug in MIME::Lite. However, as this module is widely used, I assume there is a way to use it with taint mode.
Is there a way to call it differently?
Or should taint mode be turned off just for this module if that is even possible?
Or do I have to use a different module?
Or is MIME::Lite actually OK and it is my code that is is wrong?
I also suspect that MIME::Lite isn't the only taint incompatible module on CPAN. So some general advice on dealing with this situation would be welcome.
This is the code I am using to call MIME::Lite:
sub email { my ($self, $disp, $id, $vars) = @_; my $cid = $crm->get($id); return undef unless $cid; return 0 unless $cid->{'email'} and $cid->{'fname'}; my $message; $template->process("email/$disp.tt", $vars, \$message); $vars->{'from'} ||= 'xxx<abc@xyz.com'; $vars->{'subject'} ||= 'xxx'; $vars->{'fname'} = $cid->{'fname'}; my $mail = MIME::Lite->new( From => $vars->{'from'}, To => $cid->{'fname'} . ' ' . $cid->{'sname'} . '<' . $ci +d->{'email'} . '>', Subject => $vars->{'subject'}, Type => 'text/html', Data => $message, ); return $mail->send; }
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Insecure CPAN module in taint mode
by Corion (Patriarch) on Jul 06, 2021 at 19:20 UTC | |
by Bod (Parson) on Jul 06, 2021 at 19:49 UTC | |
by marto (Cardinal) on Jul 06, 2021 at 20:07 UTC | |
by Bod (Parson) on Jul 06, 2021 at 21:35 UTC | |
by afoken (Chancellor) on Jul 06, 2021 at 21:31 UTC | |
by Bod (Parson) on Jul 06, 2021 at 22:14 UTC | |
Re: Insecure CPAN module in taint mode
by pryrt (Abbot) on Jul 06, 2021 at 19:50 UTC | |
by Bod (Parson) on Jul 06, 2021 at 21:33 UTC | |
by afoken (Chancellor) on Jul 06, 2021 at 22:00 UTC | |
by Bod (Parson) on Jul 06, 2021 at 22:17 UTC | |
by pryrt (Abbot) on Jul 06, 2021 at 21:50 UTC | |
by Bod (Parson) on Jul 06, 2021 at 22:22 UTC | |
by pryrt (Abbot) on Jul 06, 2021 at 22:29 UTC | |
| |
Re: Insecure CPAN module in taint mode
by kcott (Archbishop) on Jul 07, 2021 at 04:30 UTC |