Bug: Topic Diffs gives multiple Perl Taint errors
Problem occured after upgrading: twiki 20040902-1.1 -> 20040902-3 apache2-common 2.0.53-5 -> 2.0.54-2 (other packages were also upgraded at the same time but I suspect the problem was one of these) Immediately after upgrading we started getting this error:Insecure dependency in exec while running with -T switch at /usr/share/perl5/TWiki.pm line 3454.
whenever we clicked the "Diffs" link on a TWiki topic. I looked into the code and
the problem seems to start on line 378 of /usr/share/perl5/TWiki/UI/RDiff.pm
my $rev1 = $query->param( "rev1" );
At this point rev1 (and rev2) are tainted.
On line 410 (411 for rev2) they are run through a regexp:
$rev1 =~ s/r?1\.//go; # cut 'r' and major
but it does not seem sufficient to untaint them.
Changing the line to something like:
($rev1) = $rev1 =~ /r?1\.(\d*)/; # cut 'r' and major
does work.
This issue was also submitted to the Debian
package list and assigned bug# 307299
.
Test case
Environment
| TWiki version: | TWikiRelease02Sep2004 |
| TWiki plugins: | DefaultPlugin, EmptyPlugin, InterwikiPlugin |
| Server OS: | Debian Linux (2.4.25 #1 SMP) |
| Web server: | Apache 2.0.54-2 |
| Perl version: | 5.8.4 |
| Client OS: | Mac OS X Panther |
| Web Browser: | Firefix 1.0.3 |
Impact and Available Solutions
Follow up
Fix record
Discussion
| ChangeProposalForm | |
|---|---|
| TopicClassification | BugReport |
| TopicSummary | Topic Diffs gives multiple Perl Taint errors |
| CurrentState | UnderInvestigation |
| OutstandingIssues | |
| RelatedTopics | |
| InterestedParties | |
| ProposedFor | |
| TWikiContributors | |
Edit | Attach | Topic revision: r2 - 2005-05-02 - TristanLawrence
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.