PerlMonks
Re: variable I expect to be tainted isn't: possible explanations?
by derby (Abbot) on May 21, 2002 at 12:31 UTC ( [id://168093]=note )
Your $two isn't tainted because it is not really
user data or derived from user data (but it is set
based upon the presence of the option). Try
changing it to accept a string parameter to see
what happens:
I'm not sure why your CGI param is not tainted, mine is (CGI.pm version 2.752).

-derby

update: As for the CGI param not being tainted, when you run under "offline mode", CGI reads from STDIN and passes the data to shellwords (shellwords.pl). shellwords parses the passed data via regex and builds the return value via regex matches - effectively untainting the param. As others have shown, passing the param on the cmdline (instead of offline) shows the param as tainted.
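
An added example, not part of derby's post or of CGI.pm: it shows the effect the update describes, where a value rebuilt from regex captures loses its taint flag while a plain copy or `split` keeps it, and how `use re 'taint'` prevents that. The `name=derby` input is constructed, and the script assumes it is started as `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off, run with perl -T\n" unless ${^TAINT};

# Constructed input: a zero-length slice of $0/$^X carries the taint flag,
# so appending it marks the whole string as tainted, like real user input.
my $taint = substr("$0$^X", 0, 0);
my $param = 'name=derby' . $taint;
die "could not build a tainted sample value\n" unless tainted($param);

# 1. Assignment propagates taint.
my $copy = $param;

# 2. split returns pieces of the original string; they stay tainted.
my (undef, $via_split) = split /=/, $param, 2;

# 3. Regex captures are treated as deliberately validated data and come
#    back untainted, even though this pattern accepts anything.
my ($via_capture) = $param =~ /^name=(.*)$/;

# 4. Under 'use re "taint"' captures from a tainted string stay tainted.
my $kept;
{
    use re 'taint';
    ($kept) = $param =~ /^name=(.*)$/;
}

for my $row (
    [ 'plain copy',             $copy ],
    [ 'split',                  $via_split ],
    [ 'regex capture',          $via_capture ],
    [ 'capture + re "taint"',   $kept ],
) {
    printf "%-24s %s\n", $row->[0],
        tainted($row->[1]) ? 'tainted' : 'NOT tainted';
}
```

Code that parses untrusted input with permissive patterns, as shellwords does, should be treated as an untainting step when auditing what taint mode actually protects.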