require 5.006
Bradley Baetz
bbaetz at student.usyd.edu.au
Mon Oct 7 04:04:13 UTC 2002
What do people thing about requiuring perl 5.6?
The reason for wanting this is perl 5.005's interaction with TT, where any
tainted variable causes all the vars to become tainted. I never did trace
this down, but since noone else wants to do so either...
The problem this causes is that [% PROCESS foo/edit-$format.html.tmpl %]
won't work, because the vars hash containts tainted elements (like
$::ENV{'HTTP_USER_AGENT'}), so $foo is tainted, so the process fails. This
happened in bug 160170.
See bug 160710 comment 21 for a more detailed explination, but basically,
with TT < 2.08, this was just inefficient (because the template was
recompiled each time), but with TT 2.08, it compiles to a temp file, and
then renames. Rename checks to taintednes for the file you're going to
overwrite, and so this fails.
AFAIK, none of the developers have 5.005 (except for the install on
landfill), and so its possible other 5.005 bugs will exist.
Thoughts?
Bradley
More information about the developers
mailing list