[Petal] More on taint issues with Petal 1.10_xx
Jean-Michel Hiver
jhiver at mkdoc.com
Thu Oct 16 16:50:24 BST 2003
> Ok I see that I've either overwhelmed you with information, bored you to
> tears, or noone thinks there is a security issue with eval'ing external
> templates.
I must admit that I have disabled the Taint code from Petal 1.10_06
onwards because:
1/ It's no use to me
2/ I have been focusing on other issues
That being said, if you can come up with a patch that'll make things
work for you I'll be very happy to integrate it into the coming Petal
1.10.
At the moment I am doing a lot of testing on metal. It seems to work
fairly well but I need to do more testing before I decide to release
Petal 1.10.
Also MKDoc::XML is still a bit young, so the stable version might remain
Petal 1.06 for a little while.
Sorry if I appear to be lax / lazy on this issue, and in fact I truly am
:) If you can get Petal 1.10_07 to work with taint, ====> patch please.
Otherwise I'll "put it on my TODO list" :)
Cheers,
--
Building a better web - http://www.mkdoc.com/
---------------------------------------------
Jean-Michel Hiver
jhiver at mkdoc.com - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/
More information about the Petal
mailing list