perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug MacEachern <do...@covalent.net>
Subject Re: Line 14 in startup.pl
Date Wed, 13 Sep 2000 02:11:23 GMT
On Tue, 12 Sep 2000, Gerald Richter wrote:

> Hi Doug,
> 
> while testing the ActiveState Patches from Randy, I realized that the line
> 14 in startup.pl
> 
>     unshift @INC, split ":", $ENV{PERL5LIB} if $ENV{PERL5LIB};
> 
> causes tainting errors when running nmake test on ActiveState Perl (maybe on
> any Perl 5.6). For me I get the same results in testing when I remove this
> line on all other systems. Currently I don't see for what this line is good
> for, but maybe it make sense for some systems.
> 
> Do you think we can savely remove this line or must it still be there?

i forget why it's there, but rather than remove it, how about changing to
(untested):

if ($ENV{PERL5LIB} and $ENV{PASS_PERL5LIB}) {
     unshift @INC, map { Apache->untaint($_) } split ":", $ENV{PERL5LIB};
}

which makes it disabled by default, but you can enable it with
PASS_PERL5LIB, and Apache->untaint() will remove the taintedness.

many thanks randy and gerald!!


Mime
View raw message