The patch below fixes the problem. You'll need to be careful about whitespace mangling if cut-and-pasting this from the web page, but unfortunately you can't attach to this forum.
I've tried contacting the nominated author of this module (Josh Miller) about this, but no response (hey, I just realised that was a year minus 10 days ago!).
Cheers,
Chris
--- Authen-Captcha-1.023/Captcha.pm.orig 2003-12-18 15:44:34.000000000 +1100
+++ Authen-Captcha-1.023/Captcha.pm 2007-10-19 18:27:34.000000000 +1000
@@ -232,7 +232,11 @@
foreach my $line (@data)
{
$line =~ s/\n//;
- my ($data_time,$data_code) = split(/::/,$line);
+
+ #
+ # Extract untainted time and code
+ #
+ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/;
my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png");
if ($data_code eq $crypt)
@@ -351,7 +355,12 @@
foreach my $line (@data)
{
$line =~ s/\n//;
- my ($data_time,$data_code) = split(/::/,$line);
+
+ #
+ # Extract untainted time and code
+ #
+ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/;
+
if ( (($current_time - $data_time) > ($self->expire())) ||
($data_code eq $md5) )
{ # remove expired captcha, or a dup
