Thanks, your explanation does help. However it seems that in my example $foo is
not tainted, (its value is "
HASH(0x80f8a20)") - only the values of the hash reference are tainted (
%$foo has become dirty because the value of one of the keys was bad). I think you knew this.
Your explanation does mean I can push the tainted data down a level to clean up my hash-ref, eg:
$dirty{text} = <>;
$foo = {
'clean' => '/home/boldra/filename.txt',
'dirty' => \%dirty,
};
open(F,"+>{$foo->{clean}}");
close(F);
Which leaves
$foo->{clean} clean as a whistle.
But I still don't see
why I have to do this. Is it because taint checking is simply clumsy, or is there actually a risk of a user supplying data that perl will accidentally interprect as the boundry between two values in an array?
What I'm worrying about is:
Is $foo->{clean} really tainted (in my original example) or is it a false positive by the taint-checking? If it's really tainted - what sort of cleaning does it need?
Thanks,
-
Boldra
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.