http://qs321.pair.com?node_id=11134718

Bod has asked for the wisdom of the Perl Monks concerning the following question:

Still trying to get to grips with taint mode...

What is the best course of action when a CPAN module throws an error under taint mode?
I am getting: Insecure $ENV{PATH} while running with -T switch at /usr/local/share/perl5/MIME/Lite.pm line 2697, <DATA> line 1000.

This appears to be a documented bug in MIME::Lite. However, as this module is widely used, I assume there is a way to use it with taint mode.

Is there a way to call it differently?
Or should taint mode be turned off just for this module if that is even possible?
Or do I have to use a different module?
Or is MIME::Lite actually OK and it is my code that is is wrong?

I also suspect that MIME::Lite isn't the only taint incompatible module on CPAN. So some general advice on dealing with this situation would be welcome.

This is the code I am using to call MIME::Lite:

sub email { my ($self, $disp, $id, $vars) = @_; my $cid = $crm->get($id); return undef unless $cid; return 0 unless $cid->{'email'} and $cid->{'fname'}; my $message; $template->process("email/$disp.tt", $vars, \$message); $vars->{'from'} ||= 'xxx<abc@xyz.com'; $vars->{'subject'} ||= 'xxx'; $vars->{'fname'} = $cid->{'fname'}; my $mail = MIME::Lite->new( From => $vars->{'from'}, To => $cid->{'fname'} . ' ' . $cid->{'sname'} . '<' . $ci +d->{'email'} . '>', Subject => $vars->{'subject'}, Type => 'text/html', Data => $message, ); return $mail->send; }