Re^3: Developing CGI::Application based modules outside of the default @INC

in reply to Re^2: Developing CGI::Application based modules outside of the default @INC
in thread Developing CGI::Application based modules outside of the default @INC

This works equally well for CGI based applications as it does for CLI.

Not quite true. Public CGI should use taint mode (as does the code in the original post), which means the environment is untrusted and PERL5LIB has no effect. Environment variables not set by CGI input should be trustworthy though.

Taint::Runtime can get around this, as can something like this at the start of your script:

BEGIN {
    if ($ENV{PERL5LIB} && $ENV{PERL5LIB} =~ /^(.*)$/) {
        eval "use lib (".join(',', map "'$_'", split ':', $1).");";
        die $@ if $@;
    }
}
[download]

(updated to fix a typo)

In Section Seekers of Perl Wisdom