in reply to $TAINTED in latest v2.87

*Sinister is completely shocked and horrified!

I was going to say that this:
$TAINTED = substr($ENV{REQUEST_METHOD}.'',0,0) if defined $ENV{REQUEST_METHOD};
Was prob. the nicest solution to your problem, as it doesn't state: 'my $TAINTED = ...' - I was figuring that $TAINTED was defined earlier.

To make sure I wasn't going to say anything stupid, I did the bad thing of opening the black box and peak into the CGI module.

My hart stopped for a moment! My stumach turned! More then once..! I screamed: "WHERE IS 'use strict;' ??!?!?!!"

Yes, dear monks,
the module we all hold up high, and use a lot in our daily work, does not use strict! *sigh*

er formait hyarya.
-- "Life is a house and the next tornado is never far away"
-- "lovely by nature"

Replies are listed 'Best First'.
Re^2: $TAINTED in latest v2.87
by particle (Vicar) on Oct 10, 2002 at 14:52 UTC
    contrary to popular belief, this is a good thing. strict causes a performance hit of around 30%, which is something a performance-oriented module like CGI would like to avoid.

    i believe what you're seeing is optimized perl, which is not to be mistaken for maintainable perl. i trust the CGI experts who keep this module up to date to do their job, and at the same time hope i'm never called on to debug that mess and make an update.

    ~Particle *accelerates*

Re:2: $TAINTED in latest v2.87
by blakem (Monsignor) on Oct 10, 2002 at 22:20 UTC