Java Mailing List Archive

http://www.apache-httpd.com/

Home » modperl.perl »

RE: parameters taintness

Eli Shemer

2008-04-21

Replies: Find Java Web Hosting

Author LoginPost Reply
  eval{
   tie %session, 'Apache::Session::MySQL', $id,
   {
    Handle   => $dbh,
    LockHandle => $dbh
   };
  }

Same behavior as I previously mentioned when the Tainted is enabled in
DBI->Connect

-----Original Message-----
From: pharkins@(protected)
Harkins
Sent: Monday, April 21, 2008 8:13 PM
To: Eli Shemer
Cc: modperl@(protected)
Subject: Re: parameters taintness

On Mon, Apr 21, 2008 at 2:53 PM, Eli Shemer <appar@(protected):
> I summed it down to this line of code
>
> my $id = $cookies{ANONYMOUS_ID}->value;
> if ($id =~ m/(.+)/) { $id=$1; }
>
> tie %session, 'Apache::Session::MySQL', $id,
> {
>  Handle   => $dbh,
>  LockHandle => $dbh
> };

You need to wrap that tie call in an eval, as shown in the
Apache::Session documentation. If it hangs rather than just failing,
the problem most likely has to do with the locking behavior.

- Perrin

No virus found in this incoming message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 19/04/2008
11:31


No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 19/04/2008
11:31



©2008 apache-httpd.com - Jax Systems, LLC, U.S.A.