require 5.006

Bradley Baetz bbaetz at student.usyd.edu.au
Mon Oct 7 04:04:13 UTC 2002


What do people thing about requiuring perl 5.6?

The reason for wanting this is perl 5.005's interaction with TT, where any 
tainted variable causes all the vars to become tainted. I never did trace 
this down, but since noone else wants to do so either...

The problem this causes is that [% PROCESS foo/edit-$format.html.tmpl %] 
won't work, because the vars hash containts tainted elements (like 
$::ENV{'HTTP_USER_AGENT'}), so $foo is tainted, so the process fails. This 
happened in bug 160170.

See bug 160710 comment 21 for a more detailed explination, but basically,
with TT < 2.08, this was just inefficient (because the template was
recompiled each time), but with TT 2.08, it compiles to a temp file, and 
then renames. Rename checks to taintednes for the file you're going to 
overwrite, and so this fails.

AFAIK, none of the developers have 5.005 (except for the install on 
landfill), and so its possible other 5.005 bugs will exist.

Thoughts?

Bradley




More information about the developers mailing list