reading yet preserving request body

2008-04-21 Thread John ORourke
Hi folks, I have an MVC-style system which passes the request object to various modules until one of them 'accepts' it. I'm using Apache2::Request to parse incoming form parameters which is fine. The problem is that some of these modules want to read XML or Multipart MIME from the request bod

Re: What happened with Apache2::Reload in mod_perl-2.0.4?

2008-04-21 Thread Philip M. Gollucci
Philippe M. Chiasson wrote: | And as the latest Release Manager, I must say that having to release 3 | extra CPAN modules along with each mp2 releases is going to be a PITA. | | http://svn.apache.org/[...]/Apache-Test/tags/1.31 Lots of svn:externals a

Edit HTTP response headers

2008-04-21 Thread J Amuse
I wrote a simple module that parses the HTTP response body and updates certain text. I want the script to be able to parse and manipulate the HTTP response headers as well. For example add secure and HttpOnly flags to certain cookies, or add a redirection when a 500 error code is returned. The code

RE: parameters taintness

2008-04-21 Thread Eli Shemer
eval{ tie %session, 'Apache::Session::MySQL', $id, { Handle => $dbh, LockHandle => $dbh }; } Same behavior as I previously mentioned when the Tainted is enabled in DBI->Connect -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 2:53 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > I summed it down to this line of code > > my $id = $cookies{ANONYMOUS_ID}->value; > if ($id =~ m/(.+)/) { $id=$1; } > > tie %session, 'Apache::Session::MySQL', $id, > { > Handle => $dbh, > LockHandle => $dbh > };

RE: parameters taintness

2008-04-21 Thread Eli Shemer
$dbh = DBI->connect("DBI:mysql:[bla]:localhost","[bla]","[bla]",{Taint => 0}) or die "Cannot connect to database: $DBI::errstr"; doesn't work I'm starting to suspect some weird DBI bug. Works: $dbh = DBI->connect("DBI:mysql:[bla]:localhost","[bla]","[bla]") or die "Cannot connect to database

RE: parameters taintness

2008-04-21 Thread Eli Shemer
I summed it down to this line of code my $id = $cookies{ANONYMOUS_ID}->value; if ($id =~ m/(.+)/) { $id=$1; } tie %session, 'Apache::Session::MySQL', $id, { Handle => $dbh, LockHandle => $dbh }; %session is empty at this point, $dbh is a reference to the database And $id was double chec

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 2:02 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > Well, for now I've diagnosed it to crook due to the cookies/session > operation. > Because once I remove the cookie from my browser, everything works > correctly. Ok, but you need to find what line in your code is having t

Re: parameters taintness

2008-04-21 Thread David Nicol
On Mon, Apr 21, 2008 at 1:02 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > Using telnet/netcase is nice but it will be a nightmare to write a > debugger > script that will simulate all of the operations up to that point. (login, > submission of data to the page) http://search.cpan.org/author/PETD

RE: parameters taintness

2008-04-21 Thread Eli Shemer
Well, for now I've diagnosed it to crook due to the cookies/session operation. Because once I remove the cookie from my browser, everything works correctly. (if I logged on to the suspicious page just before). it seems reasonable in theory that DBI's Taintness operation finds the session/cookie gr

Re: parameters taintness

2008-04-21 Thread William A. Rowe, Jr.
Perrin Harkins wrote: On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: It's stuck on "Waiting for... " in the status bar Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-request, this is a good time to learn. Just google

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > It's stuck on "Waiting for... " in the status bar Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-request, this is a good time to learn. Just google "telnet 80 debugging" or

RE: parameters taintness

2008-04-21 Thread Eli Shemer
It's stuck on "Waiting for... " in the status bar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins Sent: Monday, April 21, 2008 5:24 PM To: Eli Shemer Cc: modperl@perl.apache.org Subject: Re: parameters taintness On Mon, Apr 21, 2008 at 12:

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:27 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > Stuck meaning that I cannot logon to my web site at all. > I have to close the explorer and open it again. Ok, you need to do some debugging. First I'd try connecting with telnet or a command-line browser like lwp-request

RE: parameters taintness

2008-04-21 Thread Eli Shemer
Stuck meaning that I cannot logon to my web site at all. I have to close the explorer and open it again. It's as if the web server recognized me as a malicious user and blocked me out -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins Sent: M

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:21 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > Problem is, > > When DBI "Taint" is on, the page is completely stuck and I cannot find any > errors or warning in the error_log. Can you be a little more descriptive? What does "stuck" mean in this case? - Perrin

parameters taintness

2008-04-21 Thread Eli Shemer
Hey there I'm looking for more information on this subject. I'm using mod_perl2 and apache2 Currently what I'm trying to do is to make both the page and the DBI module tainted-enabled I have -t enabled in httpd.conf And {Taint => 1} upon the DBI connection call. I've made modifica

Re: What happened with Apache2::Reload in mod_perl-2.0.4?

2008-04-21 Thread Philippe M. Chiasson
Fred Moyer wrote: Geoffrey Young wrote: Fred Moyer wrote: Niels van Dijke wrote: Hi mod_perl maintainers, Thank you for releasing mod_perl 2.0.4. I was wondering what happened to Apache2::Reload? Was it missed in packaging for the upload to CPAN? If so then there may be other files missing

Re: [RELEASE CANDIDATE] mod_perl-1.31 RC4

2008-04-21 Thread Philippe M. Chiasson
Steve Hay wrote: Philippe M. Chiasson wrote: The mod_perl 1.31 release candidate 4 "Works with Perl 5.10" is ready. It can be downloaded here: http://www.apache.org/~gozer/mp1/mod_perl-1.31-rc4.tar.gz All tests OK using VC6 on WinXP with apache 1.3.39 and perl 5.10.0 built without USE_MULTI