my $sid = $pxt->param('sid'); ... my %params = validate(@_, { sid => 1 });
added new version of perl-Params-Validate (0.74) which should address this
Bret, any way to replicate this reliably? If so, update the bug. Otherwise, looks like this just goes away and new perl-Params-Validate becomes part of the TODO.
/network/systems/details/edit.pxt seems to be having the most issues on prod. Not really sure how reliable that is for a test though.
fixed with new Params::Validate
test plan?
there is no test plan; this is infrastructural. any breakage would have shown up during normal site usage. so basically any ISEs you see may be caused by this, just report as usual and engineers will handle it
No breakage was noticed.
FAILS_QAing until we know just what's going on w/ IS's 3.2 + updated Params::Validate pkg satellite so we don't loose track of any fix for them.
From Chip's comment: This script reproduces it when run like (script attached to bug): echo 1 | perl -T test-taint.pl Looks like a bug in validate_with. If the param isn't there, and you're in taint mode, and you're using the XS validator, you are screwed hard. Even happens in perl 5.8.3. I'll report it to the maintainer.
Created attachment 101145 [details] Test script that illustrates Params::Validate issue
Deferring to rhn350. We'll keep watching it until something pops out of the Perl maintainer. NOTE: in our case, it appears that the worst problem here is that it masks real errors in RHN code with useless error messages.
Actually, it occurs to be that this should be aligned against Perl itself.
Just closing out old bugs here. We don't ship perl-Params-Validate (the Params::Validate module) in any current RHEL or Fedora release - looks like this bug has become a non-issue. If anyone disagrees, please re-open.