Problem with Date::Manip, taint mode, and CGI::Carp.

[Louis Erickson]

Hi, everyone. I'm entering the wonderful world of "taint mode" and having
several interesting sorts of problems with it. Most of them are pretty
straightforward and I can get around them.

I've found a problem, though, that I can't get around, and it's an odd one.

I use Date::Manip. It's a favorite of mine, and fast enough for what I'm
doing. I also use CGI::Carp.

In taint mode, those two don't work together.

I have to use 'BEGIN' to load Date::Manip, so there's a chance to clean up
PATH to something sensible. I'd found it, and one of the articles on
Randal L. Schwartz's website
(http://www.stonehenge.com/merlyn/WebTechniques/col66.html) verified for
me that this was needed. (Thanks very much, Randal!)

However, one of my CGI scripts wouldn't work, and I'm stumped as to why.
Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check to see
if we're in Taint mode.

If I have a script:

#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:ate_Init("Internal=1");
}

__END__

Anyone have any idea why, or what's to be done about this? I can copy and
paste the line in Date::Manip that breaks in to my own script, and it works
fine; it's only a problem in Date::Manip.

Any suggestions or ideas would be very welcome!

Thank you all very much!

 

[Gunnar Hjalmarsson]

Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check
to see if we're in Taint mode.

If I have a script:

#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:ate_Init("Internal=1");
}

__END__

The above works fine for me with Perl 5.8.0 on W98, also when I use
'fatalsToBrowser'. Maybe it's a version inconsistency thing.

 

[James Willmore]

#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:ate_Init("Internal=1");
}

__END__

Anyone have any idea why, or what's to be done about this? I can copy and
paste the line in Date::Manip that breaks in to my own script, and it works
fine; it's only a problem in Date::Manip.

Just a stab in the dark here, but have you moved the 'use CGI::Carp
....' line _below_ the BEGIN block of your script? I'm thinking that,
because you're setting your PATH in the BEGIN block, the CGI::Carp
module is being flagged as 'tainted'.

Again - just a stab in the dark.

HTH

Jim