in reply to Re: Taint mode
in thread Taint mode

Except perl doesn't understand the ~username syntax, so a path starting with ~username will never be the current path, because perl won't expand the tilde. (And I've never heard this before, perlsec doesn't say anything that I can see about taint mode removing the current directory from @INC, and a quick test with 5.8.0 and 5.6.1 doesn't show this behavior.)


We're not surrounded, we're in a target-rich environment!

Re: Re: Re: Taint mode
by davorg (Chancellor) on Apr 07, 2003 at 14:48 UTC
    Except perl doesn't understand the ~username syntax, so a path starting with ~username will never be the current path, because perl won't expand the tilde.

    Good point. It works on the command line tho' as that's expanded by the shell.

    (And I've never heard this before, perlsec doesn't say anything that I can see about taint mode removing the current directory from @INC, and a quick test with 5.8.0 and 5.6.1 doesn't show this behavior.)

    Strange. It works here with both 5.6.0 and 5.6.1. Don't know why it isn't in perlsec tho'.

    $ perl -le 'print "@INC"'
    /usr/lib/perl5/5.6.0/i586-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i586-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .
    $ perl -Tle 'print "@INC"'
    /usr/lib/perl5/5.6.0/i586-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i586-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl

    Notice the '.' which is missing from the end of the second version.

    --
    <http://www.dave.org.uk>

    "The first rule of Perl club is you do not talk about Perl club."
    -- Chip Salzenberg