I'm migrating an intranet server from debian 6 to 9, and perl from 5.10 to 5.24. The web interface when prompted, prints to a dedicated printer. The only difference in the code on the new server is that I've had to set the print command because the default command in Printer is lpr, but for some reason, only lp works at the command line on the new server.
I've reset my $ENV{PATH}, but I'm still receiving taint errors when it tries to print. Of course, everything works just fine from the command line.
The error I'm receiving is... use strict; use Printer; ... $ENV{'PATH'}='/usr/bin'; delete @ENV{'IFS','CDPATH','ENV','BASH_ENV','LPDEST','NPRINTER','NGPRI +NTER'}; ... sub print{ ... my $text=get_text(); my $prn=new Printer('linux' => '6L',); $prn->print_command('linux'=> type=>'pipe', 'command'=> 'lp -d 6L'}); $prn->print($text); }
and so you don't have to look it up, the code for Printer::Unix.pm is:Insecure $ENV{PATH} while running with -T switch File: /usr/local/share/perl/5.24.1/Printer/Unix.pm Line: 127
The Printer.pm versions are identical: 0.98.use Env qw{PRINTER LPDEST NPRINTER NGPRINTER PATH}; #added the following to the original code $ENV{'PATH'}='/usr/bin'; delete @ENV{'IFS','CDPATH','ENV','BASH_ENV'}; ... #line 127 open PRINTER, "| $self->{print_command}->{linux}->{type}" or Carp::croak "Can't open printer connection to $self->{print_comma +nd}->{linux}->{command};
Since I'm resetting ENV{PATH} and deleting all those others, what's going on here?
Update: For grins, I've hard-coded the default command in Printer to lp from lpr and I'm still getting the same error.
Update 2: The print command is working twice and failing on the third attempt. I've also reset ENV{PATH} for Printer.pm, along with Printer::Unix.pm and my code.
In reply to Taint error in Printer module by ksublondie
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |