in reply to how to add web hosting account-wide use lib ?

Taint mode was designed to protect against a shell user who can set environment variables, which is why it ignores $PERL5LIB. In a Web application, however, the environment is not under the control of a potential attacker, so it's not a threat. In many of my perl scripts, I use this code to pay attention to $PERL5LIB even in taint mode: 
BEGIN {
  # Blindly untaint.  Taintchecking is to protect from Web data;
  # the environment is under our control.
  if ($ENV{PERL5LIB} and $ENV{PERL5LIB} =~ /^(.*)$/)
  {
    eval "use lib '$_';"
        foreach (reverse split(/:/,$1));
  }
  if ($ENV{PATH} and $ENV{PATH} =~ /^(.*)$/)
  {
      $ENV{PATH}=$1;
  }
}

[download]

--
sgifford's Web page

Replies are listed 'Best First'.
Re^2: how to add web hosting account-wide use lib ?
by leocharre (Priest) on Jun 21, 2006 at 16:50 UTC

    Thank you!!! This is very interesting, what I had ended up doing was this:

    BEGIN { 
 $ENV{DOCUMENT_ROOT}=~m/^([\w\-\/]+)$/i; 
 eval "use lib '$1/../lib';"; 
}

# this is unreliable:
#BEGIN {
# use lib do {
#   $ENV{DOCUMENT_ROOT}=~m/^([\w\-\/]+)$/i;
# } . '/../lib';
#}

    [download]

    It's similar, (my HOME was not set )just a hack, so there must be some hole the size of *## that I'm not noticing yet.
    It checks a little bit for an ok path

    Is there any setup that by default looks for a perl lib for the user like home/perl-lib ? I guess I'm thinking of maybe some movement to do this by a hosting company, etc. Maybe it's just no big deal. It seems a lot of dabblers and devels would find that to be one more candy piece.

[reply]
[d/l]

In Section Seekers of Perl Wisdom