APM: CGI::Application and -T
Sam Foster
austin.pm at sam-i-am.com
Wed Nov 17 22:16:29 CST 2004
I'm having trouble running a perl cgi in taint mode.
I have an implementation of CGI::Application that runs just fine, but
dies as soon as I put it into taint mode (by adding -T to my shebang)
E.g #!C:/perl/bin/perl.exe -wT (I'm developing with activeperl 5.8,
apache 1.3 on winXP... the production server will by a standard
linux/apache combo)
Without fail, I get the Internal Server Error message in my browser. I
also (this is windows XP Pro) get the microsoft error report prompt,
telling me the Perl Command Line Interpreter has encountered a problem
inviting me to send them the details of this problem.
I have
use CGI::Carp qw(fatalsToBrowser);
.. in both my cgi, and the package that subclasses CGI::Application. I'm
also attempting to trap errors generated by the CGI::App with
$res = eval{ $webapp->run()};
I can add die "some message" at seemingly any point in my cgi wrapper,
or the packages it uses and get the expected carp output in my browser.
I also run the thing in the cmd shell by setting a couple environment
variables (DOCUMENT_ROOT, REQUEST_URI_ and calling
perl mycgi.cgi
.. and get the expected output back in the console.
But when I do
perl -T mycgi.cgi, again it dies, with no message to the console. Again,
the same error prompt.
In all likelyhood there's tainted data in there, I'm using the
REQUEST_URI and DOCUMENT_ROOT cgi environment variables for starters.
But I can't begin to address the problem as it stands, as I'm not able
to see the error.
Anyone?
thanks
Sam
More information about the Austin
mailing list