andreas1234567 has asked for the wisdom of the Perl Monks concerning the following question:
If find is used in taint-mode (-T command line switch or if EUID != UID or if EGID != GID) then internally directory names have to be untainted before they can be chdir'ed to. Therefore they are checked against a regular expression untaint_pattern.The untaint option works as I expect under Linux, but I can't get it to work under Win32:
Is this a bug?#!perl -T use strict; use warnings; use File::Find; use File::Spec::Functions; my $dir = undef; if ($^O eq q{MSWin32}) { $dir = catfile( qw ( C: src perl test untaint ) ); } else { $dir = catfile( qw ( / home foo test perl untaint ) ); } eval { find({ wanted => sub { print if -f; }, untaint => 1 }, $dir); }; print "find died:$@" if ($@); __END__ C:\src\perl\test\untaint>perl -lT ut.pl ut.pl find died:insecure cwd in find(depth) at C:/Perl/lib/File/Find.pm line + 747. C:\src\perl\test\untaint>perl --version This is perl, v5.8.8 built for MSWin32-x86-multi-thread (with 50 registered patches, see perl -V for more detail) Binary build 820 [274739] provided by ActiveState http://www.ActiveSta +te.com Built Jan 23 2007 15:57:46 $ perl -lT ut.pl ut.pl $ perl --version This is perl, v5.8.5 built for i386-linux-thread-multi
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re: File::Find untaint in taint-mode under Win32
by tachyon-II (Chaplain) on Dec 20, 2007 at 12:33 UTC | |
by Anonymous Monk on Jun 16, 2010 at 11:35 UTC | |
by jmcnamara (Monsignor) on May 09, 2011 at 12:17 UTC | |
by Anonymous Monk on May 09, 2011 at 14:39 UTC | |
by jmcnamara (Monsignor) on May 09, 2011 at 14:48 UTC |