By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,290 Members | 1,253 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,290 IT Pros & Developers. It's quick & easy.

Insecure dependency in `` while running with -T switch at

P: 8
Dear Friends,

I want to take multi lines from a text box in the webpage and pass to my script which saves this into a database. I wrote code like this

my $desc = $cgi->param('comment');

But it gives some error messages when i click commit button in the web page.

"Insecure dependency in `` while running with -T switch at"

Plz help

Kokul
Dec 13 '07 #1
Share this Question
Share on Google+
6 Replies


eWish
Expert 100+
P: 971
Can we see more of your code?

Meanwhile check out Trouble Shooting Perl CGI Scripts talks about taint mode insecure dependencies. Also check out perlsec.

--Kevin
Dec 13 '07 #2

P: 8
I get a value from the html page using cgi->param function. Then i want to pass this value to access database. But it showing some error...I'll explain the details..
Expand|Select|Wrap|Line Numbers
  1. sub my_func {
  2.  
  3. my $desc = cgi->param('comment');
  4. print "Desc is $desc"; //its works fine. 
  5.  
Now i want to pass this value to database.
Expand|Select|Wrap|Line Numbers
  1. my $dbh = Bugzilla->dbh;
  2.  

Here it's showing error:
undef error - Insecure dependency in parameter 1 of DBI::db=HASH(0xa8a628c)-

But when i give a string instead of $desc in the query it's working fine.

Why the value of $desc is not working with query??

Thanks in advance
Kokul
Dec 13 '07 #3

eWish
Expert 100+
P: 971
What module are you using that has the method Bugzilla? Again, I will need to know (hint: see more code, modules used, etc...) more to help you. At this pace it is going to take a long time.

--Kevin
Dec 13 '07 #4

P: 8
Hi,

I want to take a description (atleast 50 characters) from the html page using cgi->param and store it into a string variable in perl and pass this string variable to a query. for this i wrote the following code
Expand|Select|Wrap|Line Numbers
  1. my $desc = $cgi->param('comment')
  2.  
then the error occured

Software error:
Insecure dependency in exec while running with -T switch at /var/www/html

So i changed the above line to

Expand|Select|Wrap|Line Numbers
  1. my $desc = '';
  2. if ($cgi->param('comment') =~ m/(.+)/) {
  3.    $desc = $1;
  4. }
  5.  
But Its taking only the first line from the text box. I want all the lines in the text box.
How to do that?
Dec 14 '07 #5

eWish
Expert 100+
P: 971
Try this as a test and see if it will return more than just one line. This will work in taint mode as well without returning any errors.

Expand|Select|Wrap|Line Numbers
  1. #!/usr/bin/perl -T
  2.  
  3. use strict;
  4. use warnings;
  5.  
  6. use CGI;
  7. use CGI::Carp qw/fatalsToBrowser/;
  8.  
  9. my $q = CGI->new;
  10.  
  11. print $q->header; 
  12. print $q->start_html(); 
  13.  
  14. # Get the params from the form.
  15. my %params = $q->Vars;
  16.  
  17. # Loop through eash param and print them.
  18. foreach my $key (keys %params) {
  19.     print "$key => $params{$key}\n";
  20. }
  21.  
  22.  
  23. print $q->end_html();
  24.  
  25. 1;
If it still just takes the first line can you post a section of your form. It may not be set to multi line input. Just a thought.


--Kevin
Dec 14 '07 #6

KevinADC
Expert 2.5K+
P: 4,059
param('comment') must be a textarea box sending multiline data to the script. He can add the "s" modifier to the regexp to capture all the lines instead of just the first.
Dec 14 '07 #7

Post your reply

Sign in to post your reply or Sign up for a free account.