>>>>> "S" == Stefan Scholl <stesch / no-spoon.de> writes:

S> I don't know how this could happen. ENV['QUERY_STRING'] is
S> tainted.

 When MOD_RUBY is defined, cgi.rb doesn't use ENV['QUERY_STRING'] but calls
 Apache::request.args, defined by mod_ruby, which seems to return a
 non-tainted string (apachelib.h):

  #define CSTR2OBJ(s) ((s) ? rb_str_new2(s) : Qnil)


Guy Decoux