On 2001-10-14 13:52:07Z, ts <decoux / moulon.inra.fr> wrote:
>  When MOD_RUBY is defined, cgi.rb don't use ENV['QUERY_STRING'] but call
>  Apache::request.args defined by mod_ruby, which seems to return a non
>  tainted string (apachelib.h)
> 
>   #define CSTR2OBJ(s) ((s) ? rb_str_new2(s) : Qnil)

Oops, http://www.modruby.net/doc/faq.en.html#label:5 and
http://www.modruby.net/doc/faq.en.html#label:12