Dandello has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to 'detaint' a very large legacy script. It now runs properly with strict and warnings (finally) but ActiveState Perl v5.24.3 (on Win7 on an offline Wamp server) and Perl v5.16.3 (on *nix on a commercially hosted VPS using Apache and cPanel) give me different results when 'use tainting' is active.

This is the first time I've had issues (aside from when cleaning up deprecated code) with the differences between ActiveState Perl and what cPanel installs.

Now, I know there is tainted incoming data - but ActiveState Perl only gave me some of the offenders, not all the offenders.

Any hints on how to 'detaint' on the off-line server when tainting says everything is fine?

Replies are listed 'Best First'.
Re: taint mode differences between ActiveState Perl and cPanel Perl
by Corion (Patriarch) on Jan 19, 2019 at 17:03 UTC

    Between 5.16 and 5.24 are about four years of development, so there is some potential for differences in behaviour.

    Can you maybe show us examples where the code behaves differently? Otherwise, all we can do is to point you to the documentation of the differences from 5.16 to 5.24: perl518delta, perl520delta, perl522delta and perl524delta.

    In principle, all incoming data is tainted. Taint mode tries to address what you (try to) do with that tainted data. Maybe there are some code branches that do not get executed on Windows that do something dangerous with the data? We can only guess at this point in time.

      Head Bang emoji here!

      The actual problem was some missing CPAN Module dependencies on the *nix server. Tracked those down and (re)installed them and now the taint warnings appear to match up.
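An added example, not code from anyone in the thread: because taint mode only complains when tainted data reaches a checked operation on a code path that actually runs, an up-front audit with `Scalar::Util::tainted` lists tainted inputs the same way on both servers. The sub names and the `%form` sample values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Run as: perl -T taint_audit.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Names of the inputs that are tainted right now, whether or not any
# later code path would pass them to a checked operation.
sub tainted_inputs {
    my (%in) = @_;
    return grep { defined $in{$_} && tainted($in{$_}) } sort keys %in;
}

# Untaint by validation: a regex capture clears the flag, so the
# pattern has to be a strict allow-list. Returns undef on rejection.
sub untaint_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed sample input. Every %ENV value is tainted under -T, so a
# zero-length slice of one taints the string it is appended to.
my $taint = substr(join('', values %ENV), 0, 0);
my %form  = (
    file  => 'report.txt' . $taint,            # stands in for a CGI parameter
    other => 'reports/2019 jan.txt' . $taint,  # fails the allow-list
    mode  => 'append',                         # literal in the script: clean
);

print "tainted before validation: @{[ tainted_inputs(%form) ]}\n";

# Taint mode itself only objects when tainted data reaches a checked
# operation, such as opening a file for writing.
my $ok = eval { open(my $fh, '>>', $form{file}); 1 };
print "open refused: $@" unless $ok;

for my $key (qw(file other)) {
    my $clean = untaint_filename($form{$key});
    print defined $clean
        ? "$key accepted, tainted=" . (tainted($clean) ? 1 : 0) . "\n"
        : "$key rejected\n";
}
```

Calling `tainted_inputs` on the script's real parameters at the point they are read gives a list that can be compared between the two installations, independent of which branches or optional modules each one loads.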