DOCUMENT ROOT = /home1/pryrtcom/public_html
inside eval block to avoid dying on the tainted environment variable
Outside of eval block
ROOT = /home1/pryrtcom/public_html
inside second eval block to avoid dying on the tainted environment variable
eval 2 didn't die if this prints
it did not die because I untainted /home1/pryrtcom/public_html.
####
#!/usr/bin/perl -T
use warnings;
use strict;
use autodie;
use cPanelUserConfig;
use PDF::API2;
BEGIN {
    # Runs at compile time, after the `use` lines above it have been
    # processed: send the CGI header first, then switch the currently
    # selected output handle to autoflush so later prints appear immediately.
    print("content-type: text/plain;\n\n");
    $| = 1;
}
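# Sanity check: create and save an empty PDF before any tainted data is used,
# to show that PDF::API2 itself runs under -T.
my $pdf = PDF::API2->new();

# NOTE(review): fixed, predictable file name in a shared temp directory. On a
# multi-user host prefer File::Temp or a directory private to this account so
# the write cannot be redirected through a pre-planted symlink.
$pdf->save('/tmp/new.pdf');
print "I can run to here in taint mode, so it's _not_ PDF::API2 that causes the taint issue\n";
print "DOCUMENT ROOT = $ENV{DOCUMENT_ROOT}\n";

# Attempt 1: the path is built directly from the tainted environment value.
# The eval keeps the script alive; the failure reason is sent to STDERR
# instead of being discarded, so the cause can be confirmed in the error log.
eval {
    print "inside eval block to avoid dying on the tainted environment variable\n";
    my $pdf_local = PDF::API2->open("$ENV{'DOCUMENT_ROOT'}/../local.pdf");
    print "eval 1 didn't die if this prints\n";
    1;
} or warn "eval 1 failed: $@";
print "Outside of eval block\n";

# Untaint DOCUMENT_ROOT by validating it, not by capturing everything.
# Under -T a capture from a successful match is considered clean, so the
# pattern is the whole security check: accept only an absolute path made of
# a conservative character set, and refuse any '..' segment. Widen the
# character class only if this host's real document root needs it.
my $document_root = defined $ENV{DOCUMENT_ROOT} ? $ENV{DOCUMENT_ROOT} : '';

# List-context match: $root stays undef when the pattern does not match,
# so a stale $1 from an earlier match can never be picked up by accident.
my ($root) = $document_root =~ m{\A(/[A-Za-z0-9_./-]+)\z};
die "DOCUMENT_ROOT is missing or is not a plain absolute path\n"
    unless defined $root;
die "DOCUMENT_ROOT must not contain '..' segments\n"
    if grep { $_ eq '..' } split m{/}, $root;
print "ROOT = $root\n";

# Attempt 2: same open, now with the validated (untainted) copy of the path.
eval {
    print "inside second eval block to avoid dying on the tainted environment variable\n";
    my $pdf_local = PDF::API2->open("$root/../local.pdf");
    print "eval 2 didn't die if this prints\n";
    print "it did not die because I untainted $ENV{DOCUMENT_ROOT}.\n";
    1;
} or die "eval failed: $@";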