Re: Taint error in Printer module

Replies are listed 'Best First'.
Re^2: Taint error in Printer module by Anonymous Monk on Aug 04, 2017 at 21:10 UTC
What is the actual error message as produced by perl? The one listed in your post isn't. What do you get with `use Data::Dump qw/ dd /; dd( $prn );` [download] get_unique_spool makes use of a tainted $ENV{TEMP}	[reply] [d/l]
Re^3: Taint error in Printer module by ksublondie (Friar) on Aug 08, 2017 at 16:54 UTC
This is a web interface and any generated errors are run through CGI::Application::dump(). Public error message: Internal exception error Internal error message: + Insecure $ENV{PATH} while running with -T switch File: /usr/local/share/perl/5.24.1/Printer/Unix.pm Line: 129 ... Current Run mode: 'transactions_approve' ... Query Environment: CONTEXT_DOCUMENT_ROOT => '/var/www/html' CONTEXT_PREFIX => '' DOCUMENT_ROOT => '/var/www/html' GATEWAY_INTERFACE => 'CGI/1.1' HTTP_ACCEPT => '/' HTTP_ACCEPT_ENCODING => 'gzip, deflate' HTTP_ACCEPT_LANGUAGE => 'en-US' HTTP_CONNECTION => 'Keep-Alive' HTTP_COOKIE => 'CGISESSID=19ba4d2d00de2da0f433055d04e8745b' ... MOD_PERL => 'mod_perl/2.0.10' MOD_PERL_API_VERSION => '2' PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/ +bin' ... [download] I'm resetting ENV{PATH} and now ENV{TEMP} in Printer.pm, Printer::Unix.pm, and my code. Somehow It's still getting the wrong PATH. It will work once or twice, then fail.	[reply] [d/l]


Your skill will accomplish what the force of many cannot
	PerlMonks