Still trying to get to grips with taint mode...
What is the best course of action when a CPAN module throws an error under taint mode?
I am getting: Insecure $ENV{PATH} while running with -T switch at /usr/local/share/perl5/MIME/Lite.pm line 2697, <DATA> line 1000.
This appears to be a documented bug in MIME::Lite. However, as this module is widely used, I assume there is a way to use it with taint mode.
Is there a way to call it differently?
Or should taint mode be turned off just for this module if that is even possible?
Or do I have to use a different module?
Or is MIME::Lite actually OK and it is my code that is is wrong?
I also suspect that MIME::Lite isn't the only taint incompatible module on CPAN. So some general advice on dealing with this situation would be welcome.
This is the code I am using to call MIME::Lite:
sub email {
my ($self, $disp, $id, $vars) = @_;
my $cid = $crm->get($id);
return undef unless $cid;
return 0 unless $cid->{'email'} and $cid->{'fname'};
my $message;
$template->process("email/$disp.tt", $vars, \$message);
$vars->{'from'} ||= 'xxx<abc@xyz.com';
$vars->{'subject'} ||= 'xxx';
$vars->{'fname'} = $cid->{'fname'};
my $mail = MIME::Lite->new(
From => $vars->{'from'},
To => $cid->{'fname'} . ' ' . $cid->{'sname'} . '<' . $ci
+d->{'email'} . '>',
Subject => $vars->{'subject'},
Type => 'text/html',
Data => $message,
);
return $mail->send;
}
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.