Closed Bug 217614 Opened 21 years ago Closed 21 years ago

How to reproduce perl taint check failures in post_bug.cgi with perl 5.8.0

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

x86
Linux
defect
Not set
normal

RESOLVED DUPLICATE of bug 177828

People

(Reporter: ejb, Assigned: myk)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Bug 177828 which has been closed as "RESOLVED" reports that a taint check fails
in perl 5.8.0 in post_bug.cgi when running under perl 5.8.0.  (Specifically,
this message:

Insecure dependency in exec while running with -T switch at
/var/www/intranet/bugzilla/post_bug.cgi line 303.

is issued.)

There is some discussion about not being able to reproduce the problem with
2.16.  I've added some comments describing how to do this and seeking a
workaround or fix for 2.16.3 running with perl 5.8.0.

If I could, I would simply reopen that bug.  If that is the proper course of
action, please reopen that bug and then close this one as a duplicate.  If not,
please consider this to be a report specific to this problem being in 2.16.


Reproducible: Always

Steps to Reproduce:
1. Run bugzilla 2.16.3 on a system with perl 5.8.0 such as RedHat Linux 9
2. Create a new bug with at least one person in the CC field


Actual Results:  
The above error message was issued.  The bug still posted.  People in the CC
field may not have been notified.  (One of my users reports this.  I have not
verified it personally.)

Expected Results:  
[Note: this message box in the bug reporting form appears under, "What should
Mozilla have done instead?"  I think that text should read, "What should
Bugzilla have done instead?"....]

No taint message should have been issued, and the mail should have been sent
out.  If the taint message is reporting an actual problem, the problem should be
fixed. :-)  Otherwise, some suitable workaround to prevent this problem should
be added to the 2.16 code base so that people who prefer to run the stable
release with perl 5.8.0 won't see this problem.

We'll do this there.  It's fixed on the tip, but we can backport it for
functionality loss.

*** This bug has been marked as a duplicate of 177828 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
QA Contact: matty_is_a_geek → default-qa