Re: Insecure Dependency in Taint Mode
by kcott (Archbishop) on Nov 05, 2022 at 01:15 UTC ( [id://11147976]=note )
G'day Bod,

"Is it possible to use PDF::API2 in taint mode ..."

I'd say the short answer is "yes". Obviously, I can't reproduce your environment — apart from anything else, there's insufficient information, such as your Apache? configuration — however, the following test works fine.
Changing the last two (new() & save()) lines to:
also works without any problems. I checked:
I'm running Perl v5.36.0 and PDF::API2 v2.043.

You've included completely unknown code with "use cPanelUserConfig;". Clearly, we're unable to test that. Try removing all of the code related to PDF::API2 and see if cPanelUserConfig is the cause of your taint issue. Your report suggests that you think PDF::API2 is the source of the problem, but you don't say why; you could be working from a false premise.

I'd move strict and warnings to the start of your code. Was there a reason for putting these in the middle of the script?

It's been 10-20 years since I last wrote any CGI code; my knowledge is certainly not current. I seem to recall that its documentation included troubleshooting tips involving running a CGI script from the command line. Perhaps look into that and see if it's any help.

Have a look at "FindBin: KNOWN ISSUES" and what it says about issues with mod_perl. I'm very much guessing with this — I don't even know if you're using mod_perl — but it may be worth a look.

Take a look through "perlsec - Perl security" for anything that might help. Perhaps the suggested:

If none of those suggestions help, you'll have to step through your code to find out where problems are occurring.

— Ken
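One way to step through a script and see which values are tainted before they reach a file operation, shown as an added example that is not part of kcott's post or of PDF::API2. The helper names, the sample file names and the allow-list pattern are assumptions made for this illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_check.pl   (-T must also be given on the command line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return a label for one value: 'undef', 'TAINTED' or 'clean'.
sub taint_state {
    my ($value) = @_;
    return 'undef' unless defined $value;
    return tainted($value) ? 'TAINTED' : 'clean';
}

# Print the taint state of each named value, sorted by name.
sub report_taint {
    my (%values) = @_;
    printf "%-12s %s\n", $_, taint_state($values{$_}) for sort keys %values;
}

# Untaint a file name by capturing it through a strict allow-list pattern.
# Assumed policy for this example: a bare name ending in .pdf, no directory
# part. Returns an explicit undef on mismatch so callers can use the result
# as a hash value without losing the slot.
sub untaint_pdf_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*\.pdf)\z/ ? $1 : undef;
}

# Constructed sample input: a zero-length slice of environment data carries
# taint, so appending it marks the names as if they came from a request.
my $taint     = substr(join('', %ENV), 0, 0);
my $requested = 'report.pdf' . $taint;
my $rejected  = '../etc/report.pdf' . $taint;

# Before: find out which values would trigger "Insecure dependency".
report_taint(
    'literal'   => 'report.pdf',
    'PATH'      => $ENV{PATH},
    'requested' => $requested,
);

# After: only the name that matches the pattern comes back, and it is clean.
report_taint(
    'untainted' => untaint_pdf_name($requested),
    'rejected'  => untaint_pdf_name($rejected),
);
```

Calling report_taint() on the arguments of the statement named in the "Insecure dependency" message shows which one still carries taint.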