Insecure dependency
Jason Spence
thalakan at technologist.com
Wed Aug 23 21:10:15 PDT 2000
Hi -
Has anyone else had a problem with insecure dependencies as Freeside parses
out Text::Template files using fill_in? In addition to the IE auto signup
template being parsed out to set up a Windows box to use your ISP, I'm writing
a commission report that gives me the same problem. The exact problem seems
to be the $fi_progtext variable in Text/Template.pm being evaled at line 282
(Text::Template version 1.23) containing some tainted data. I have a
suspicion that it has something to do with FS::UID->cgisuidsetup(), because
without that at the top of the script it doesn't report the data as tainted.
- Jason