Problem with Date::Manip, taint mode, and CGI::Carp.

Louis Erickson · Sep 1, 2003

Hi, everyone. I'm entering the wonderful world of "taint mode" and having
several interesting sorts of problems with it. Most of them are pretty
straightforward and I can get around them.

I've found a problem, though, that I can't get around, and it's an odd one.

I use Date::Manip. It's a favorite of mine, and fast enough for what I'm
doing. I also use CGI::Carp.

In taint mode, those two don't work together.

I have to use 'BEGIN' to load Date::Manip, so there's a chance to clean up
PATH to something sensible. I'd found it, and one of the articles on
Randal L. Schwartz's website
(http://www.stonehenge.com/merlyn/WebTechniques/col66.html) verified for
me that this was needed. (Thanks very much, Randal!)

However, one of my CGI scripts wouldn't work, and I'm stumped as to why.
Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check to see
if we're in Taint mode.

If I have a script:

#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:

ate_Init("Internal=1");
}

__END__

Anyone have any idea why, or what's to be done about this? I can copy and
paste the line in Date::Manip that breaks in to my own script, and it works
fine; it's only a problem in Date::Manip.

Any suggestions or ideas would be very welcome!

Thank you all very much!

Gunnar Hjalmarsson · Sep 3, 2003

Louis said:
Apparently CGI::Carp('fatalsToBrowser') breaks Date::Manip's check
to see if we're in Taint mode.

If I have a script:

#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:ate_Init("Internal=1");
}

__END__

The above works fine for me with Perl 5.8.0 on W98, also when I use
'fatalsToBrowser'. Maybe it's a version inconsistency thing.

James Willmore · Sep 3, 2003

Louis Erickson said:
#!/usr/bin/perl -T
use strict;
use warnings;

# Uncomment this to break the script.
#use CGI::Carp('fatalsToBrowser');

BEGIN {
$ENV{PATH}='/bin:/usr/bin';
require Date::Manip;
Date::Manip->import();
Date::Manip:ate_Init("Internal=1");
}

__END__

Anyone have any idea why, or what's to be done about this? I can copy and
paste the line in Date::Manip that breaks in to my own script, and it works
fine; it's only a problem in Date::Manip.

Just a stab in the dark here, but have you moved the 'use CGI::Carp
....' line _below_ the BEGIN block of your script? I'm thinking that,
because you're setting your PATH in the BEGIN block, the CGI::Carp
module is being flagged as 'tainted'.

Again - just a stab in the dark.

HTH

Jim

CGI::Carp and File::Temp	7	Mar 26, 2014
taint mode and require using "."	9	Apr 5, 2006
Problem with Date::Manip	7	Jul 21, 2006
noob Date::Manip problems	3	Nov 16, 2005
How to taint a variable (for testing)	3	Jan 21, 2010
Taint mode piped open problem	4	Jan 26, 2008
Taint mode and PERL5LIB	9	Jun 11, 2004
Taint Mode Newbie Help	2	Jul 19, 2003

Problem with Date::Manip, taint mode, and CGI::Carp.

Louis Erickson

Gunnar Hjalmarsson

James Willmore

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads