You are here: Foswiki>Tasks Web>Item13028 (09 Feb 2015, CrawfordCurrie)Edit Attach

Item13028: Implement Development.RemoveTaintCheckingFromFoswiki

Priority: Urgent
Current State: Closed
Released In: 1.2.0
Target Release: minor

Applies To: Engine
Component:
Branches: master

Reported By: GeorgeClark
Waiting For:
Last Change By: CrawfordCurrie

Update rewriteshebang.pl to automatically set or clear the -T flag

I plan to leave -T in place in the git repo, and remove it when building a release. This way our development & testing will continue to use taint mode by default.

-- GeorgeClark - 15 Sep 2014

I'd rather remove it in git as well to pave the way for developing locales support.

-- MichaelDaum - 15 Sep 2014

It seems we're in limbo on this at the moment; 1.2 can't be released with taint mode enabled (and taint checking is testing locales really hard). Jumping this to urgent.

My proposal is as follows:

Remove -T from all perl scripts
Check for the presence of Taint::Runtime and only enable taint if:
1. DEBUG is on,
2. Taint::Runtime is present, and
3. {UseLocale} is off

Thus a developer should install Taint::Runtime to get taint checking. Normal users will not.

-- CrawfordCurrie - 09 Feb 2015

+1 on disabling taint mode in git as well

-- MichaelDaum - 09 Feb 2015

That's part of what I've done.

-- CrawfordCurrie - 09 Feb 2015

ItemTemplate edit

Summary	Implement RemoveTaintCheckingFromFoswiki
ReportedBy	GeorgeClark
Codebase	trunk
SVN Range
AppliesTo	Engine
Component
Priority	Urgent
CurrentState	Closed
WaitingFor
Checkins	distro:a3cd3fea785d distro:0f78371a2dd7 distro:021183673312
TargetRelease	minor
ReleasedIn	1.2.0
CheckinsOnBranches	master
trunkCheckins
masterCheckins	distro:a3cd3fea785d distro:0f78371a2dd7 distro:021183673312
ItemBranchCheckins
Release01x01Checkins