You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@perl.apache.org by Stas Bekman <st...@stason.org> on 2004/10/01 05:32:42 UTC
Re: cvs commit: modperl-2.0/xs/Apache/RequestIO Apache__RequestIO.h
stas@apache.org wrote:
> Index: Changes
> ===================================================================
> RCS file: /home/cvs/modperl-2.0/Changes,v
> retrieving revision 1.505
> retrieving revision 1.506
> diff -u -u -r1.505 -r1.506
> --- Changes 30 Sep 2004 03:39:24 -0000 1.505
> +++ Changes 1 Oct 2004 03:30:11 -0000 1.506
> @@ -12,6 +12,10 @@
>
> =item 1.99_17-dev
>
> +make sure that Apache::Filter::read, APR::Socket::recv,
> +Apache::RequestIO::read, APR::Brigade::flatten, and APR::Bucket::read
> +all return tainted data under -T [Stas]
Could someone please verify whether I've missed some other methods that
populate a buffer of data and we don't test whether they return tainted
data? Thanks a bunch!
This commit has fixed 3 of the methods which previously didn't set the
data to tainted under -T.
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org