Jon Jensen jon at endpoint.com
Wed Mar 18 02:53:49 UTC 2009


Correct me if I'm wrong, but Interchange has never run in Perl's taint 
mode. It looks like the last time -T mode was used was MiniVend 1.01.

If that's right, there are several apparently needless untainting routines 
in the Interchange codebase that we should be able to remove, mostly in 
Vend::Config and Vend::Search.

There's also one in Vend::Server, but that is probably useful for other 
reasons and the comment just needs to be removed.

There's one in scripts/restart.PL too, and that doesn't run in taint mode 

Does anyone know of a reason we shouldn't remove these?


Jon Jensen
End Point Corporation

