Result:
found more than 305 distributions - search limited to the first 2001 files matching your query
( run in 0.437 )
Apache-AuthCookie
view release on metacpan or search on metacpan
lib/Apache/AuthCookie.pm view on Meta::CPAN
# Exchange the credentials for a session key.
my $ses_key = $self->authen_cred($r, @credentials);
unless ($ses_key) {
$r->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
$r->uri($self->untaint_destination($destination));
return $auth_type->login_form;
}
if ($debug >= 2) {
if (defined $ses_key) {
lib/Apache/AuthCookie.pm view on Meta::CPAN
$self->send_cookie($ses_key);
$self->handle_cache;
$r->header_out(Location => $self->untaint_destination($destination));
return REDIRECT;
}
sub untaint_destination {
my ($self, $dest) = @_;
return Apache::AuthCookie::Util::escape_destination($dest);
}
lib/Apache/AuthCookie.pm view on Meta::CPAN
be passed in a simple array, so the prototype is
C<$self-E<gt>authen_cred($r, @credentials)>. After calling
C<authen_cred()>, we set the user's cookie and redirect to the
URL contained in the C<"destination"> submitted form field.
=head2 untaint_destination($uri)
This method returns a modified version of the destination parameter
before embedding it into the response header. Per default it escapes
CR, LF and TAB characters of the uri to avoid certain types of
security attacks. You can override it to more limit the allowed
Apache-Authen-Program
view release on metacpan or search on metacpan
examples/oralogon view on Meta::CPAN
#!/www/perl-5.6.1/bin/perl -Tw
# Example Oracle authentication via SQL*Plus program.
#
# NOTE: Runs in taint mode because it is usually
# invoked by other programs (mainly CGIs).
# ------ pragmas
use strict;
Apache-AuthenProgram
view release on metacpan or search on metacpan
examples/oralogon view on Meta::CPAN
#!/www/perl-5.6.1/bin/perl -Tw
# Example Oracle authentication via SQL*Plus program.
#
# NOTE: Runs in taint mode because it is usually
# invoked by other programs (mainly CGIs).
# ------ pragmas
use strict;
Apache-AxKit-Language-XSP-ObjectTaglib
view release on metacpan or search on metacpan
t/005_strict.t view on Meta::CPAN
use File::Basename;
eval 'use Test::Strict';
plan skip_all => 'Test::Strict not installed' if $@;
plan skip_all => 'Need untaint in newer File::Find' if $] <= 5.006;
## I hope this can go away if Test::Strict or File::Find::Rule
## finally run under -T. Until then, I'm on my own here. ;-)
my @files;
my %trusted = (
t/005_strict.t view on Meta::CPAN
'modperl_inc.pl' => 1,
'modperl_startup.pl' => 1
);
find({ wanted => \&wanted,
untaint => 1,
untaint_pattern => qr|^([-+@\w./]+)$|,
untaint_skip => 1,
no_chdir => 1
}, qw(lib t));
sub wanted {
my $name = $File::Find::name;
Apache-DB
view release on metacpan or search on metacpan
lib/Apache/SmallProf.pm view on Meta::CPAN
}
my $sdir = $r->dir_config('SmallProfDir') || 'logs/smallprof';
$dir = "$dir/$sdir";
# Untaint $dir
$dir =~ m/^(.*?)$/; $dir = $1;
mkdir $dir, 0755 unless -d $dir;
# Die if we can't make the directory
Apache-GDGraph
view release on metacpan or search on metacpan
lib/Apache/GD/Graph.pm view on Meta::CPAN
my $type = delete $args{type} || DEFAULT_TYPE;
my $width = delete $args{width} || DEFAULT_WIDTH;
my $height = delete $args{height} || DEFAULT_HEIGHT;
$type =~ m/^(\w+)$/;
$type = $1; # untaint it!
my @data;
my $i = 1;
my $key = "data$i";
while (exists $args{$key}) {
lib/Apache/GD/Graph.pm view on Meta::CPAN
Could not create an instance of class GD::Graph::$type: $@
EOF
}
my $to_file = (parseElement delete $args{to_file})[1];
# Untaint it!
($to_file) = ($to_file =~ /([\w.\/]+)/);
for my $option (keys %args) {
my ($type, $value, @rest) = parse ($args{$option});
Apache-ImageMagick
view release on metacpan or search on metacpan
ImageMagick.pm view on Meta::CPAN
maximum-error
mean-error
montage
rows
signature
taint
width
x-resolution
y-resolution) ;
# ---------------------------------------------------------------------------
Apache-Imager-Resize
view release on metacpan or search on metacpan
PERL_MAGIC_shared|5.007003||p
PERL_MAGIC_sigelem|5.007002||p
PERL_MAGIC_sig|5.007002||p
PERL_MAGIC_substr|5.007002||p
PERL_MAGIC_sv|5.007002||p
PERL_MAGIC_taint|5.007002||p
PERL_MAGIC_tiedelem|5.007002||p
PERL_MAGIC_tiedscalar|5.007002||p
PERL_MAGIC_tied|5.007002||p
PERL_MAGIC_utf8|5.008001||p
PERL_MAGIC_uvar_elem|5.007003||p
PL_stdingv|5.004050||p
PL_sv_arenaroot|5.004050||p
PL_sv_no|5.004050||pn
PL_sv_undef|5.004050||pn
PL_sv_yes|5.004050||pn
PL_tainted|5.004050||p
PL_tainting|5.004050||p
POPi|||n
POPl|||n
POPn|||n
POPpbytex||5.007001|n
POPpx||5.005030|n
doencodes|||
doeval|||
dofile|||
dofindlabel|||
doform|||
doing_taint||5.008001|n
dooneliner|||
doopen_pm|||
doparseform|||
dopoptoeval|||
dopoptolabel|||
magic_getnkeys|||
magic_getpack|||
magic_getpos|||
magic_getsig|||
magic_getsubstr|||
magic_gettaint|||
magic_getuvar|||
magic_getvec|||
magic_get|||
magic_killbackrefs|||
magic_len|||
magic_setpack|||
magic_setpos|||
magic_setregexp|||
magic_setsig|||
magic_setsubstr|||
magic_settaint|||
magic_setutf8|||
magic_setuvar|||
magic_setvec|||
magic_set|||
magic_sizepack|||
sv_setsv_mg|5.006000||p
sv_setsv_nomg|5.007002||p
sv_setsv|||
sv_setuv_mg|5.006000||p
sv_setuv|5.006000||p
sv_tainted||5.004000|
sv_taint||5.004000|
sv_true||5.005000|
sv_unglob|||
sv_uni_display||5.007003|
sv_unmagic|||
sv_unref_flags||5.007001|
sv_unref|||
sv_untaint||5.004000|
sv_upgrade|||
sv_usepvn_mg|5.006000||p
sv_usepvn|||
sv_utf8_decode||5.006000|
sv_utf8_downgrade||5.006000|
swash_fetch||5.007002|
swash_init||5.006000|
sys_intern_clear|||
sys_intern_dup|||
sys_intern_init|||
taint_env|||
taint_proper|||
tmps_grow||5.006000|
toLOWER|||
toUPPER|||
to_byte_substr|||
to_uni_fold||5.007003|
# define PL_stdingv stdingv
# define PL_sv_arenaroot sv_arenaroot
# define PL_sv_no sv_no
# define PL_sv_undef sv_undef
# define PL_sv_yes sv_yes
# define PL_tainted tainted
# define PL_tainting tainting
/* Replace: 0 */
#endif
#ifdef HASATTRIBUTE
# if (defined(__GNUC__) && defined(__cplusplus)) || defined(__INTEL_COMPILER)
#ifndef PERL_MAGIC_sigelem
# define PERL_MAGIC_sigelem 's'
#endif
#ifndef PERL_MAGIC_taint
# define PERL_MAGIC_taint 't'
#endif
#ifndef PERL_MAGIC_uvar
# define PERL_MAGIC_uvar 'U'
#endif
Apache-LoggedAuthDBI
view release on metacpan or search on metacpan
See also L</LongReadLen>.
=item C<TaintIn> (boolean, inherited)
If the C<TaintIn> attribute is set to a true value I<and> Perl is running in
taint mode (e.g., started with the C<-T> option), then all the arguments
to most DBI method calls are checked for being tainted. I<This may change.>
The attribute defaults to off, even if Perl is in taint mode.
See L<perlsec> for more about taint mode. If Perl is not
running in taint mode, this attribute has no effect.
When fetching data that you trust you can turn off the TaintIn attribute,
for that statement handle, for the duration of the fetch loop.
The C<TaintIn> attribute was added in DBI 1.31.
=item C<TaintOut> (boolean, inherited)
If the C<TaintOut> attribute is set to a true value I<and> Perl is running in
taint mode (e.g., started with the C<-T> option), then most data fetched
from the database is considered tainted. I<This may change.>
The attribute defaults to off, even if Perl is in taint mode.
See L<perlsec> for more about taint mode. If Perl is not
running in taint mode, this attribute has no effect.
When fetching data that you trust you can turn off the TaintOut attribute,
for that statement handle, for the duration of the fetch loop.
Currently only fetched data is tainted. It is possible that the results
of other DBI method calls, and the value of fetched attributes, may
also be tainted in future versions. That change may well break your
applications unless you take great care now. If you use DBI Taint mode,
please report your experience and any suggestions for changes.
The C<TaintOut> attribute was added in DBI 1.31.
Apache-Logmonster
view release on metacpan or search on metacpan
lib/Apache/Logmonster/Utility.pm view on Meta::CPAN
}
}
$log->audit("found $archive");
$ENV{PATH} = '/bin:/usr/bin'; # do this or taint checks will blow up on ``
return $log->error( "unknown archive type: $archive", %args )
if $archive !~ /[bz2|gz]$/;
# find these binaries, we need them to inspect and expand the archive
lib/Apache/Logmonster/Utility.pm view on Meta::CPAN
return $log->error( "FAILED to chdir $package!", %args );
}
else {
# some packages (like daemontools) unpack within an enclosing directory
$sub_path = `find ./ -name $package`; # tainted data
chomp $sub_path;
($sub_path) = $sub_path =~ /^([-\w\/.]+)$/; # untaint it
$log->audit( "found sources in $sub_path" ) if $sub_path;
return $log->error( "FAILED to find $package sources!",fatal=>0)
unless ( -d $sub_path && chdir($sub_path) );
}
lib/Apache/Logmonster/Utility.pm view on Meta::CPAN
my %args = $log->get_std_args( %p );
$log->audit("syscmd: $cmd");
my ( $is_safe, $tainted, $bin, @args );
# separate the program from its arguments
if ( $cmd =~ m/\s+/xm ) {
($cmd) = $cmd =~ /^\s*(.*?)\s*$/; # trim lead/trailing whitespace
@args = split /\s+/, $cmd; # split on whitespace
lib/Apache/Logmonster/Utility.pm view on Meta::CPAN
or return $log->error( "$bin was not found", %args);
}
unshift @args, $bin;
require Scalar::Util;
$tainted++ if Scalar::Util::tainted($cmd);
my $before_path = $ENV{PATH};
# instead of croaking, maybe try setting a
# very restrictive PATH? I'll err on the side of safety
# $ENV{PATH} = '';
return $log->error( "syscmd request has tainted data", %args)
if ( $tainted && !$is_safe );
if ($is_safe) {
my $prefix = "/usr/local"; # restrict the path
$prefix = "/opt/local" if -d "/opt/local";
$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin:$prefix/bin:$prefix/sbin";
Apache-MP3
view release on metacpan or search on metacpan
my $self = shift;
my ($file,$data) = @_;
return unless my $cache = $self->cache_dir;
my $cache_file = "$cache$file";
# some checks and untaint
return if $cache_file =~ m!/\.\./!; # no relative path tricks
$cache_file =~ m!^(/.+)$! or return;
$cache_file = $1;
my $dirname = dirname($cache_file);
Apache-ParseLog
view release on metacpan or search on metacpan
ParseLog.pm view on Meta::CPAN
my(%file); # files
my(%querystring); # Query String
my(%proto); # protos (HTTP/1.0, etc.)
my(%ostatus); # original status (..)
my(%lstatus); # last status (use with %STATUS_BY_CODE)
my(%byte); # Bytes transferred (* containts one key "total")
my(%bytebydate); # bytes by date
my(%bytebytime); # bytes by time
my(%bytebydatetime); # bytes by date/time
my(%filename); # filenames (= files)
my(%addr); # IPs (=~ hosts)
Apache-Perldoc
view release on metacpan or search on metacpan
lib/Apache/Perldoc.pm view on Meta::CPAN
my $perldoc = $r->dir_config('PERLDOC');
my $pod2html = $r->dir_config('POD2HTML');
if ( $perldoc && $pod2html ) {
# We want to run tainted
$ENV{PATH} = "/bin";
} else {
$perldoc ||= "perldoc";
$pod2html ||= "pod2html";
}
Apache-RSS
view release on metacpan or search on metacpan
lib/Apache/RSS.pm view on Meta::CPAN
$cfg->{RSSEncoding} = $arg;
}
sub RSSEncodeHandler($$$) {
my($cfg, $params, $arg) = @_;
$arg =~ m/([a-zA-Z0-9:]+)/; # untaint
my $class = $1;
eval "require $class";
if ($@ && $@ !~ m/^Can't locate/) {
die $@;
}
Apache-Session-PHP
view release on metacpan or search on metacpan
lib/Apache/Session/Store/PHP.pm view on Meta::CPAN
sub _file {
my($self, $session) = @_;
my $directory = $session->{args}->{SavePath} || '/tmp';
my $file = $directory.'/sess_'.$session->{data}->{_session_id};
## taint safe
( $file ) = $file =~ /^(.*)$/;
return( $file );
}
sub insert {
Apache-Session
view release on metacpan or search on metacpan
- all semaphore tests were removed
- Apache::Session::Store::File::materialize should not append to $session->{serialized}
- Apache::Session::Store::File will flush after writing to file
1.88 2008-12-20 by Alexandr Ciornii
- Apache::Session::Generate::MD5::validate will untaint data
- MIN_PERL_VERSION in Makefile.PL
1.87=1.86_03 2008-08-08
1.86_03 2008-08-03 by Alexandr Ciornii
- disabled 99semaphore.t. Help needed.
Apache-TaintRequest
view release on metacpan or search on metacpan
TaintRequest.pm view on Meta::CPAN
use strict;
use warnings;
use Apache;
use Apache::Util qw(escape_html);
use Taint qw(tainted);
$Apache::TaintRequest::VERSION = '0.10';
@Apache::TaintRequest::ISA = qw(Apache);
sub new {
TaintRequest.pm view on Meta::CPAN
foreach my $value (@data) {
# Dereference scalar references.
$value = $$value if ref $value eq 'SCALAR';
# Escape any HTML content if the data is tainted.
$value = escape_html($value) if tainted($value);
}
$self->SUPER::print(@data);
}
TaintRequest.pm view on Meta::CPAN
__END__
=head1 NAME
Apache::TaintRequest - HTML Escape tainted data to prevent CSS Attacks
=head1 SYNOPSIS
use Apache::TaintRequest ();
TaintRequest.pm view on Meta::CPAN
potential cross site scripting attacks. Frequently this involves many
calls to Apache::Util::escape_html().
This module aims to automate this tedious process. It overrides the
print mechanism in the mod_perl Apache module. The new print method
tests each chunk of text for taintedness. If it is tainted we assume
the worst and html-escape it before printing.
Note that this module requires that you have the line
PerlTaintCheck on
Apache-Test
view release on metacpan or search on metacpan
lib/Apache/TestConfig.pm view on Meta::CPAN
$args->{$key} = $val;
}
my $top_dir = fastcwd;
$top_dir = pop_dir($top_dir, 't');
# untaint as we are going to use it a lot later on in -T sensitive
# operations (.e.g @INC)
$top_dir = $1 if $top_dir =~ /(.*)/;
# make sure that t/conf/apache_test_config.pm is found
# (unfortunately sometimes we get thrown into / by Apache so we
lib/Apache/TestConfig.pm view on Meta::CPAN
return File::Path::mkpath($path, 0, 0755);
}
sub open_cmd {
my($self, $cmd) = @_;
# untaint some %ENV fields
local @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
local $ENV{PATH} = untaint_path($ENV{PATH});
# launder for -T
$cmd = $1 if $cmd =~ /(.*)/;
my $handle = Symbol::gensym();
lib/Apache/TestConfig.pm view on Meta::CPAN
my($self, $q, $ok_fail) = @_;
return unless $self->{APXS};
my $val;
unless (exists $self->{_apxs}{$q}) {
local @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
local $ENV{PATH} = untaint_path($ENV{PATH});
my $devnull = devnull();
my $apxs = shell_ready($self->{APXS});
$val = qx($apxs -q $q 2>$devnull);
chomp $val if defined $val; # apxs post-2.0.40 adds a new line
if ($val) {
lib/Apache/TestConfig.pm view on Meta::CPAN
}
}
$self->{_apxs}{$q};
}
# return an untainted PATH
sub untaint_path {
my $path = shift;
return '' unless defined $path;
($path) = ( $path =~ /(.*)/ );
# win32 uses ';' for a path separator, assume others use ':'
my $sep = WIN32 ? ';' : ':';
Apache-Watchdog-RunAway
view release on metacpan or search on metacpan
my $fh = Symbol::gensym();
open $fh, $Apache::Watchdog::RunAway::LOCK_FILE
or die "Cannot open $Apache::Watchdog::RunAway::LOCK_FILE: $!";
chomp (my $pid = <$fh>);
# untaint
$pid = $pid =~ /^(\d+)$/ ? $1 : 0;
close $fh;
return $pid;
}
Apache-Wyrd
view release on metacpan or search on metacpan
Wyrd/Bot.pm view on Meta::CPAN
my $view = '';
my $status = 0;
my $meta = '';
if (-f $self->pidfile) {
my $pid = ${slurp_file($self->pidfile)};
($pid) = $pid =~ /^(\d+)$/; #untainting
$running = kill(0, $pid) if ($pid);
if (not($pid)) {
$self->_raise_exception("Pidfile " . $self->pidfile . " exists, but can't be read. Cannot continue.");
} elsif ($running) {
$self->_info("An instance of this Bot is running. A new bot will not be launched.");
Apache-XPointer-RDQL
view release on metacpan or search on metacpan
lib/Apache/XPointer/RDQL/Parser.pm view on Meta::CPAN
} @{$self->{'resultVars'}};
}
=head2 $obj->bind_predicate($bind_variable)
Returns a list containting a prefix and a localname.
=cut
sub bind_predicate {
my $self = shift;
Apache2-API
view release on metacpan or search on metacpan
lib/Apache2/API/Request/Upload.pm view on Meta::CPAN
# The header for this field
# sub info
sub io { return( shift->upload_io( @_ ) ); }
# sub is_tainted
sub length { return( shift->upload_size( @_ ) ); }
sub link { return( shift->upload_link( @_ ) ); }
lib/Apache2/API/Request/Upload.pm view on Meta::CPAN
my $self = shift( @_ );
my $file = $self->request->upload( 'file_upload' );
# or
my $file = $self->request->param( 'file_upload' );
print( "No check done on data? ", $file->is_tainted ? 'no' : 'yes', "\n" );
print( "Is it encoded in utf8? ", $file->charset == 8 ? 'yes' : 'no', "\n" );
my $field_header = $file->info;
# Returns the APR::Brigade object content for file_upload
lib/Apache2/API/Request/Upload.pm view on Meta::CPAN
$io->readline;
Returns the first line of data from the bride. Lines are terminated by linefeeds (the '\012' character), but this may be changed to C<$/> instead.
=head2 is_tainted
$param->is_tainted();
$param->is_tainted(0); # untaint it
Get or set the param's internal tainted flag.
=head2 length
Returns the size of the param's file-upload content.
Apache2-AuthEnv
view release on metacpan or search on metacpan
lib/Apache2/AuthEnv.pm view on Meta::CPAN
#warn "DB file is '$db'.\n";
warn "Cannot read database file at $line.\n";
return 0;
}
# Untaint as file exists.
$db = $1 if ($db =~ /^(.*)$/);
push @{$cfg->{set}}, ['dbimport', $var, $db, $fmt, $line];
}
lib/Apache2/AuthEnv.pm view on Meta::CPAN
{
err("Cannot read database '$file' failed ($!) ");
return $null;
}
# Side step any taint issues.
# The datbase is a valid file.
$db->RemoveTaint(1);
# Return nothing if there is no entry.
return $null unless exists $data{$var};
Apache2-Authen-Passphrase
view release on metacpan or search on metacpan
lib/Apache2/Authen/Passphrase.pm view on Meta::CPAN
}
sub pwcheck{
my ($user, $pass)=@_;
die INVALID_USER unless $user =~ USER_REGEX; ## no critic (RequireCarping)
$user=${^MATCH}; # Make taint shut up
my $conf=LoadFile "$rootdir/$user.yml";
## no critic (RequireCarping)
die BAD_PASSWORD unless keys %$conf; # Empty hash means no such user
die BAD_PASSWORD unless Authen::Passphrase->from_rfc2307($conf->{passphrase})->match($pass);
Apache2-Banner
view release on metacpan or search on metacpan
PERL_MAGIC_shared|5.007003||p
PERL_MAGIC_sigelem|5.007002||p
PERL_MAGIC_sig|5.007002||p
PERL_MAGIC_substr|5.007002||p
PERL_MAGIC_sv|5.007002||p
PERL_MAGIC_taint|5.007002||p
PERL_MAGIC_tiedelem|5.007002||p
PERL_MAGIC_tiedscalar|5.007002||p
PERL_MAGIC_tied|5.007002||p
PERL_MAGIC_utf8|5.008001||p
PERL_MAGIC_uvar_elem|5.007003||p
PL_stdingv|5.004050||p
PL_sv_arenaroot|5.004050||p
PL_sv_no|5.004050||pn
PL_sv_undef|5.004050||pn
PL_sv_yes|5.004050||pn
PL_tainted|5.004050||p
PL_tainting|5.004050||p
PL_tokenbuf|5.011000||p
POP_MULTICALL||5.011000|
POPi|||n
POPl|||n
POPn|||n
docatch|||
doeval|||
dofile|||
dofindlabel|||
doform|||
doing_taint||5.008001|n
dooneliner|||
doopen_pm|||
doparseform|||
dopoptoeval|||
dopoptogiven|||
magic_getnkeys|||
magic_getpack|||
magic_getpos|||
magic_getsig|||
magic_getsubstr|||
magic_gettaint|||
magic_getuvar|||
magic_getvec|||
magic_get|||
magic_killbackrefs|||
magic_len|||
magic_setpack|||
magic_setpos|||
magic_setregexp|||
magic_setsig|||
magic_setsubstr|||
magic_settaint|||
magic_setutf8|||
magic_setuvar|||
magic_setvec|||
magic_set|||
magic_sizepack|||
sv_setsv_mg|5.004050||p
sv_setsv_nomg|5.007002||p
sv_setsv|||
sv_setuv_mg|5.004050||p
sv_setuv|5.004000||p
sv_tainted||5.004000|
sv_taint||5.004000|
sv_true||5.005000|
sv_unglob|||
sv_uni_display||5.007003|
sv_unmagic|||
sv_unref_flags||5.007001|
sv_unref|||
sv_untaint||5.004000|
sv_upgrade|||
sv_usepvn_flags||5.009004|
sv_usepvn_mg|5.004050||p
sv_usepvn|||
sv_utf8_decode||5.006000|
sys_init||5.010000|n
sys_intern_clear|||
sys_intern_dup|||
sys_intern_init|||
sys_term||5.010000|n
taint_env|||
taint_proper|||
tmps_grow||5.006000|
toLOWER|||
toUPPER|||
to_byte_substr|||
to_uni_fold||5.007003|
# define PL_stdingv stdingv
# define PL_sv_arenaroot sv_arenaroot
# define PL_sv_no sv_no
# define PL_sv_undef sv_undef
# define PL_sv_yes sv_yes
# define PL_tainted tainted
# define PL_tainting tainting
# define PL_tokenbuf tokenbuf
/* Replace: 0 */
#endif
/* Warning: PL_parser
#ifndef PERL_MAGIC_sigelem
# define PERL_MAGIC_sigelem 's'
#endif
#ifndef PERL_MAGIC_taint
# define PERL_MAGIC_taint 't'
#endif
#ifndef PERL_MAGIC_uvar
# define PERL_MAGIC_uvar 'U'
#endif
Apache2-Controller
view release on metacpan or search on metacpan
lib/Apache2/Controller/Directives.pm view on Meta::CPAN
# for Apache2::Controller::Render::Template settings:
A2C_Render_Template_Path /var/myapp/templates
# etc.
All values are detainted using C<< m{ \A (.*) \z }mxs >>,
since they are assumed to be trusted because they come
from the server config file. As long as you don't give
your users the ability to set directives, it should be okay.
=cut
lib/Apache2/Controller/Directives.pm view on Meta::CPAN
croak "A2C_Dispatch_Map $file does not exist or is not readable."
if !(-e $file && -f _ && -r _);
# why not go ahead and load the file!
# slurp it in so it can be detainted.
my $file_contents;
{ local $/;
open my $loadfile_fh, '<', $file
|| croak "Cannot read A2C_Dispatch_Map $file: $OS_ERROR";
lib/Apache2/Controller/Directives.pm view on Meta::CPAN
this does not appear to work? It returns an empty hash.)
=cut
sub A2C_Render_Template_Path {
my ($self, $parms, @directories_untainted) = @_;
my @directories = map {
my ($val) = $_ =~ m{ \A (.*) \z }mxs;
$val;
} @directories_untainted;
# uhh... this doesn't work?
# my $srv_cfg = Apache2::Module::get_config($self, $parms->server);
# DEBUG(sub{"SERVER CONFIG:\n".Dump({
# map {("$_" => $srv_cfg->{$_})} keys %{$srv_cfg}
Apache2-FakeRequest
view release on metacpan or search on metacpan
lib/Apache2/FakeRequest.pm view on Meta::CPAN
read_length register_cleanup request
requires reset_timeout rflush
send_cgi_header send_fd send_http_header
sent_header seqno server
server_root_relative soft_timeout status
status_line subprocess_env taint
the_request translate_name unescape_url
unescape_url_info untaint uri warn
write_client
};
sub elem {
my($self, $key, $val) = @_;
Apache2-ModLogConfig
view release on metacpan or search on metacpan
PERL_MAGIC_shared|5.007003||p
PERL_MAGIC_sigelem|5.007002||p
PERL_MAGIC_sig|5.007002||p
PERL_MAGIC_substr|5.007002||p
PERL_MAGIC_sv|5.007002||p
PERL_MAGIC_taint|5.007002||p
PERL_MAGIC_tiedelem|5.007002||p
PERL_MAGIC_tiedscalar|5.007002||p
PERL_MAGIC_tied|5.007002||p
PERL_MAGIC_utf8|5.008001||p
PERL_MAGIC_uvar_elem|5.007003||p
PL_stdingv|5.004050||p
PL_sv_arenaroot|5.004050||p
PL_sv_no|5.004050||pn
PL_sv_undef|5.004050||pn
PL_sv_yes|5.004050||pn
PL_tainted|5.004050||p
PL_tainting|5.004050||p
PL_tokenbuf|5.011000||p
POP_MULTICALL||5.011000|
POPi|||n
POPl|||n
POPn|||n
docatch|||
doeval|||
dofile|||
dofindlabel|||
doform|||
doing_taint||5.008001|n
dooneliner|||
doopen_pm|||
doparseform|||
dopoptoeval|||
dopoptogiven|||
magic_getnkeys|||
magic_getpack|||
magic_getpos|||
magic_getsig|||
magic_getsubstr|||
magic_gettaint|||
magic_getuvar|||
magic_getvec|||
magic_get|||
magic_killbackrefs|||
magic_len|||
magic_setpack|||
magic_setpos|||
magic_setregexp|||
magic_setsig|||
magic_setsubstr|||
magic_settaint|||
magic_setutf8|||
magic_setuvar|||
magic_setvec|||
magic_set|||
magic_sizepack|||
sv_setsv_mg|5.004050||p
sv_setsv_nomg|5.007002||p
sv_setsv|||
sv_setuv_mg|5.004050||p
sv_setuv|5.004000||p
sv_tainted||5.004000|
sv_taint||5.004000|
sv_true||5.005000|
sv_unglob|||
sv_uni_display||5.007003|
sv_unmagic|||
sv_unref_flags||5.007001|
sv_unref|||
sv_untaint||5.004000|
sv_upgrade|||
sv_usepvn_flags||5.009004|
sv_usepvn_mg|5.004050||p
sv_usepvn|||
sv_utf8_decode||5.006000|
sys_init||5.010000|n
sys_intern_clear|||
sys_intern_dup|||
sys_intern_init|||
sys_term||5.010000|n
taint_env|||
taint_proper|||
tmps_grow||5.006000|
toLOWER|||
toUPPER|||
to_byte_substr|||
to_uni_fold||5.007003|
# define PL_stdingv stdingv
# define PL_sv_arenaroot sv_arenaroot
# define PL_sv_no sv_no
# define PL_sv_undef sv_undef
# define PL_sv_yes sv_yes
# define PL_tainted tainted
# define PL_tainting tainting
# define PL_tokenbuf tokenbuf
/* Replace: 0 */
#endif
/* Warning: PL_parser
#ifndef PERL_MAGIC_sigelem
# define PERL_MAGIC_sigelem 's'
#endif
#ifndef PERL_MAGIC_taint
# define PERL_MAGIC_taint 't'
#endif
#ifndef PERL_MAGIC_uvar
# define PERL_MAGIC_uvar 'U'
#endif
Apache2-ModXml2
view release on metacpan or search on metacpan
PERL_MAGIC_shared|5.007003||p
PERL_MAGIC_sigelem|5.007002||p
PERL_MAGIC_sig|5.007002||p
PERL_MAGIC_substr|5.007002||p
PERL_MAGIC_sv|5.007002||p
PERL_MAGIC_taint|5.007002||p
PERL_MAGIC_tiedelem|5.007002||p
PERL_MAGIC_tiedscalar|5.007002||p
PERL_MAGIC_tied|5.007002||p
PERL_MAGIC_utf8|5.008001||p
PERL_MAGIC_uvar_elem|5.007003||p
PL_stdingv|5.004050||p
PL_sv_arenaroot|5.004050||p
PL_sv_no|5.004050||pn
PL_sv_undef|5.004050||pn
PL_sv_yes|5.004050||pn
PL_tainted|5.004050||p
PL_tainting|5.004050||p
PL_tokenbuf|5.011000||p
POP_MULTICALL||5.011000|
POPi|||n
POPl|||n
POPn|||n
docatch|||
doeval|||
dofile|||
dofindlabel|||
doform|||
doing_taint||5.008001|n
dooneliner|||
doopen_pm|||
doparseform|||
dopoptoeval|||
dopoptogiven|||
magic_getnkeys|||
magic_getpack|||
magic_getpos|||
magic_getsig|||
magic_getsubstr|||
magic_gettaint|||
magic_getuvar|||
magic_getvec|||
magic_get|||
magic_killbackrefs|||
magic_len|||
magic_setpack|||
magic_setpos|||
magic_setregexp|||
magic_setsig|||
magic_setsubstr|||
magic_settaint|||
magic_setutf8|||
magic_setuvar|||
magic_setvec|||
magic_set|||
magic_sizepack|||
sv_setsv_mg|5.004050||p
sv_setsv_nomg|5.007002||p
sv_setsv|||
sv_setuv_mg|5.004050||p
sv_setuv|5.004000||p
sv_tainted||5.004000|
sv_taint||5.004000|
sv_true||5.005000|
sv_unglob|||
sv_uni_display||5.007003|
sv_unmagic|||
sv_unref_flags||5.007001|
sv_unref|||
sv_untaint||5.004000|
sv_upgrade|||
sv_usepvn_flags||5.009004|
sv_usepvn_mg|5.004050||p
sv_usepvn|||
sv_utf8_decode||5.006000|
sys_init||5.010000|n
sys_intern_clear|||
sys_intern_dup|||
sys_intern_init|||
sys_term||5.010000|n
taint_env|||
taint_proper|||
tmps_grow||5.006000|
toLOWER|||
toUPPER|||
to_byte_substr|||
to_uni_fold||5.007003|
# define PL_stdingv stdingv
# define PL_sv_arenaroot sv_arenaroot
# define PL_sv_no sv_no
# define PL_sv_undef sv_undef
# define PL_sv_yes sv_yes
# define PL_tainted tainted
# define PL_tainting tainting
# define PL_tokenbuf tokenbuf
/* Replace: 0 */
#endif
/* Warning: PL_parser
#ifndef PERL_MAGIC_sigelem
# define PERL_MAGIC_sigelem 's'
#endif
#ifndef PERL_MAGIC_taint
# define PERL_MAGIC_taint 't'
#endif
#ifndef PERL_MAGIC_uvar
# define PERL_MAGIC_uvar 'U'
#endif
Apache2-Response-FileMerge
view release on metacpan or search on metacpan
t/.svn/text-base/06-404.t.svn-base view on Meta::CPAN
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
plan tests => 1, \&need_lwp;
my $r = GET('/css/thatonejustainthere.css');
ok( $r->code() == 404 );
( run in 0.437 second using v1.01-cache-2.11-cpan-d6f9594c0a5 )