The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Neomail error

Discussion in 'E-mail Discussions' started by ehsan, Dec 17, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    When trying to move to trash I get:

    Software error:
    Insecure dependency in open while running with -T switch at /usr/local/cpanel/base/neomail/neomail.pl line 2447.

    any Idea?
     
  2. atjeu

    atjeu Member
    PartnerNOC

    Joined:
    Feb 15, 2002
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Phoenix, AZ
    we have the same exact error with all clients on cpanel...
     
  3. atjeu

    atjeu Member
    PartnerNOC

    Joined:
    Feb 15, 2002
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Phoenix, AZ
    FROM: Jonathan MillerDATE: 08/26/2002 14:18:14SUBJECT: [Neomail-users] insecure dependency with perl 5.8.0 Saw someone else having this same problem when running setuid root with Perl
    5.8.0:

    Insecure dependency in open while running with -T switch at
    /usr/local/httpd/cgi-bin/neomail.pl line 2775.

    I tracked down the tainted variable to be the global $folder which is read
    directly from the web form. There is code to validate the variable, but it
    still sets off Perl's newer taint check.

    Here's the fix I implemented, starting at line 193 in neomail.pl:

    my $folder;
    my @validfolders;
    if ($user) {
    my $isvalid = 0;
    @validfolders = @{&getfolders()};
    if (param(&folder&)) {
    my $basketcase = param(&folder&); # CHANGED LINE
    foreach my $checkfolder (@validfolders) {
    if ($basketcase eq $checkfolder) { # CHANGED LINE
    $folder = $checkfolder; # ADDED LINE
    $isvalid = 1;
    last;
    }
    }
    ($folder = 'INBOX') unless ( $isvalid );
    } else {
    $folder = &INBOX&;
    }
    }
     
Loading...

Share This Page