Why doesn't this work with -T?

by coolmichael (Deacon)
on Jul 06, 2001 at 12:00 UTC
coolmichael has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to write a simple CGI script to read and print out the contents of the error log. I've got a module that contains a hash that has some configuration varriables. Problem is, it doesn't work under taint mode and I can't figure out why. It's fine without taint mode. The error message from the apache log is below.

Any help is appreciated. It's probably something to do with taint that i don't understand yet.

#!perl -w use strict; use CGI; use MySite::ConfigVars qw(%config); $CGI::HEADERS_ONCE = 1; my $q = CGI->new(); print $q->header("text/html"); open (ERRORLOG, $config{'errorlog'}) or die "Error opening error log $config{'errorlog'}\n\n$!"; print $q->start_html("Error Logs"); while(<ERRORLOG>) { print "$_\n", $q->br(); } print $q->end_html(); #########ERROR MESSAGE: [Fri Jul 06 00:53:38 2001] [error] [client] Premature end of + script headers: d:/program files/apache group/apache/cgi-bin/errorlo +g.cgi [Fri Jul 06 00:53:38 2001] [error] [client] Can't locate MyS +ite/ in @INC (@INC contains: D:/Perl/lib D:/Perl/site/li +b) at d:\PROGRA~1\APACHE~1\apache\cgi-bin\errorlog.cgi line 5. [Fri Jul 06 00:53:38 2001] [error] [client] BEGIN failed--co +mpilation aborted at d:\PROGRA~1\APACHE~1\apache\cgi-bin\errorlog.cgi + line 5.

Replies are listed 'Best First'.
Re: Why doesn't this work with -T?
by Zaxo (Archbishop) on Jul 06, 2001 at 12:34 UTC

    This may not fix problems with all the tainted vars, but it looks like MySite/ is not in @INC.

    use lib 'where/that/is/';

    should fix that.

    Other problems may occur with taint mode. It is often a surprise when %ENV is treated a tainted.

    After Compline,

Re: Why doesn't this work with -T?
by davorg (Chancellor) on Jul 06, 2001 at 12:29 UTC
Re: Why doesn't this work with -T?
by Anonymous Monk on Jul 06, 2001 at 17:14 UTC
    You probably have the MySite::ConfigVars in the '.' directory. In taint mode, '.' won't be in @INC since you have no control over what directory '.' is going to be when it's run.

