Item13028: Implement Development.RemoveTaintCheckingFromFoswiki

Priority: Urgent
Current State: Closed
Released In: 1.2.0
Target Release: minor
Applies To: Engine
Component:
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: CrawfordCurrie

Update rewriteshebang.pl to automatically set or clear the -T flag

I plan to leave -T in place in the git repo, and remove it when building a release. This way our development & testing will continue to use taint mode by default.

-- GeorgeClark - 15 Sep 2014

I'd rather remove it in git as well to pave the way for developing locales support.

-- MichaelDaum - 15 Sep 2014

It seems we're in limbo on this at the moment; 1.2 can't be released with taint mode enabled (and taint checking is testing locales really hard). Jumping this to urgent.

My proposal is as follows:

  1. Remove -T from all perl scripts
  2. Check for the presence of Taint::Runtime and only enable taint if:
    1. DEBUG is on,
    2. Taint::Runtime is present, and
    3. {UseLocale} is off

Thus a developer should install Taint::Runtime to get taint checking. Normal users will not.

-- CrawfordCurrie - 09 Feb 2015
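
The three conditions in the proposal above, as an added sketch that is not part of the original comment and not Foswiki's own code. The helper name `maybe_enable_taint`, its option names and the `EXAMPLE_DEBUG` / `EXAMPLE_USE_LOCALE` environment variables are assumptions made for illustration; only `Taint::Runtime` and `{UseLocale}` come from the discussion.

```perl
#!/usr/bin/perl
# Note: no -T on the shebang line; taint mode is switched on at run time.
use strict;
use warnings;

# Hypothetical helper. Returns a short status string so the caller can
# log why taint checking is or is not active.
sub maybe_enable_taint {
    my (%opt) = @_;

    # Condition 1: only developers running with DEBUG get taint checks.
    return 'off: DEBUG is not set' unless $opt{debug};

    # Condition 3: taint checking is skipped when {UseLocale} is on.
    return 'off: {UseLocale} is on' if $opt{use_locale};

    # Condition 2: Taint::Runtime is an optional dependency, so load it
    # with require inside eval instead of a compile-time "use".
    unless ( eval { require Taint::Runtime; 1 } ) {
        return 'off: Taint::Runtime is not installed';
    }

    # From here on Perl tracks tainted data as it would under -T.
    Taint::Runtime::taint_start();

    # %ENV was populated before taint mode started and is therefore
    # still untainted; mark its keys and values explicitly.
    Taint::Runtime::taint_env();

    return 'on';
}

# Stand-alone run with constructed inputs: the two environment variables
# stand in for the DEBUG constant and the {UseLocale} setting.
my $status = maybe_enable_taint(
    debug      => $ENV{EXAMPLE_DEBUG}      ? 1 : 0,
    use_locale => $ENV{EXAMPLE_USE_LOCALE} ? 1 : 0,
);
print "taint checking $status\n";
```

Data read before `taint_start()` runs is not retroactively tainted, so a check like this belongs as early as possible in startup, before request parameters or files are read.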

+1 on disabling taint mode in git as well

-- MichaelDaum - 09 Feb 2015

That's part of what I've done.

-- CrawfordCurrie - 09 Feb 2015

 
Topic revision: r7 - 09 Feb 2015, CrawfordCurrie - This page was cached on 12 Nov 2018 - 23:23.
