X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/27261da09be059c6400d71138f060eb94faa407e..cd7eb3e62572f14f52a7bced4e8aea946368ccff:/doc/bugs/taint_issue_with_regular_expressions.mdwn?ds=sidebyside diff --git a/doc/bugs/taint_issue_with_regular_expressions.mdwn b/doc/bugs/taint_issue_with_regular_expressions.mdwn index 5ba9e19f6..172b49fd1 100644 --- a/doc/bugs/taint_issue_with_regular_expressions.mdwn +++ b/doc/bugs/taint_issue_with_regular_expressions.mdwn @@ -12,8 +12,8 @@ which is exactly the same regular expression drawn out as a constant. It appear > hole. It seems more likely that perl containes to have taint flag bugs > even in 5.8. See also: [[prune_causing_taint_mode_failures]], > [[Insecure_dependency_in_mkdir]], -> [[Insecure_dependency_in_eval_while_running_with_-T_switch.mdwn]], -> and especially [[debbug 411786]] +> [[Insecure_dependency_in_eval_while_running_with_-T_switch]], +> and especially [[!debbug 411786]] > > The last of those was the last straw for me, and I disabled taint > checking in the debian package. You can do the same by building ikiwiki @@ -29,3 +29,7 @@ without any payload of the actual regexp, and that would also certainly also hav 'wiki_file_regexp' => qr/(?-xism:(^[-[:alnum:]_.:\/+]+$))/ This would call for at most an installation prerequisite of Data::Dumper >= 1.121. A look at the module's changelog shows that no intervening versions were actually released, so 1.121 would be the minimal good one. + +> You must have a very old version of perl there. This seems to be a bug in +> data dumper before 2.11, which didn't properly dump q// objects. Prereq +> added, [[done]] --[[Joey]]