Closed Bug 299920 Opened 19 years ago Closed 18 years ago

collectstats.pl should run in taint mode

Categories

(Bugzilla :: Reporting/Charting, defect)

defect
Not set
minor

RESOLVED WONTFIX

People

(Reporter: mkumar, Assigned: gerv)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: 2.18

When I run collectstats.pl through the Windows Task Scheduler, it displays the
error “Insecure dependency in unlink while running with -T switch at
C:\Bugzilla\collectstats.pl line 52.” on the command prompt.

The task is created with the following options:

Run: --- C:\Perl\bin\perl.exe -T C:\Bugzilla\collectstats.pl

Start In: --- C:\Bugzilla

C:\Bugzilla is my working directory of bugzilla.


Reproducible: Always

Steps to Reproduce:
1. Create the task
2. Run the task

Actual Results:  
Insecure dependency in unlink while running with -T switch at 
C:\Bugzilla\collectstats.pl line 52.

Expected Results:  
Static data should be collected. Scheduled task should be run without any error.
Assignee: justdave → gerv
Component: bugzilla.org → Reporting/Charting
I have gotten a similar error in 2.20.rc1:

Insecure dependency in parameter 3 of DBI::db=HASH(0x8a7a098)->selectrow_array
method call while running with -T switch at
/srv/www/bugzilla-2.20rc1/editproducts.cgi line 172.

I was trying to delete the "Test Product" entry. I was able to add a product,
and a couple of quips, so the database seems to be basically working.

My user agent is Firefox 1.0.5.
I can see this also in 2.20. 

D:\Bugzilla>perl.exe -T d:\Bugzilla\collectstats.pl
Insecure dependency in unlink while running with -T switch at
d:\Bugzilla\collectstats.pl line 52

The database and Bugzilla installation is updated from 2.20rc2 -> 2.20

Removing the *.png files from graphs\-directory seemed to correct the problem.
I got the same problem here; it works without the "-T" switch.
collectstats.pl currently cannot be run with the -T switch. This is known, and for this reason its shebang line is "#!/usr/bin/perl -w" (instead of "...-wT").

Please run collectstats.pl without the -T switch for now.

Morphing, and classifying as minor because collectstats.pl doesn't handle CGI parameters.
Severity: major → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Hardware: PC → All
Summary: Insecure dependency in unlink → collectstats.pl should run in taint mode
note that running in taint mode strips '.' from the lib path. 
when this bug is fixed, we should also set the cwd and add '.' to @INC

BEGIN {
    require 5.006_001;
    use File::Basename;
    chdir dirname($0);
    use lib '.';
}

see bug 298405
Unless I miss something, there is no reason to run in tainted mode. collectstats.pl takes no data from the command line except --regenerate, which is safe. checksetup.pl doesn't run in tainted mode either.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WONTFIX
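
Added example (not Bugzilla's code and not written by any commenter in this bug): a small Perl script showing why unlink raises "Insecure dependency" under -T and how a file name is untainted before deletion. It assumes, based on the comment about the *.png files, that the failing call deletes file names read from the graphs directory; the scratch directory, file names and regex below are constructed for illustration.

```perl
#!/usr/bin/perl -wT
# Added example; run as: perl -T untaint-unlink.pl
use strict;
use Scalar::Util qw(tainted);

# Constructed scratch directory standing in for the graphs directory.
my $graphsdir = "graphs-demo-$$";
mkdir($graphsdir) or die "mkdir $graphsdir: $!";
for my $name ('product-a.png', 'product-b.png') {
    open(my $fh, '>', "$graphsdir/$name") or die "create $name: $!";
    close($fh);
}

# Names returned by readdir are tainted under -T, like any data that
# comes from outside the program.
opendir(my $dh, $graphsdir) or die "opendir $graphsdir: $!";
my @names = grep { !/\A\.\.?\z/ } readdir($dh);
closedir($dh);

for my $name (@names) {
    my $path = "$graphsdir/$name";
    printf "%s tainted: %s\n", $name, tainted($path) ? 'yes' : 'no';

    # A tainted path passed straight to unlink makes perl die with
    # "Insecure dependency in unlink"; eval traps it for the demo.
    eval { unlink($path) };
    print "  raw unlink refused: $@" if $@;

    # Untaint by capturing only what a chart file name may look like.
    # A regex capture ($1) is the supported way to clear the taint flag.
    if ($name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*\.png)\z/) {
        my $clean = "$graphsdir/$1";
        unlink($clean) or warn "unlink $clean: $!";
    } else {
        warn "skipping unexpected name in $graphsdir\n";
    }
}
rmdir($graphsdir) or warn "rmdir $graphsdir: $!";
```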