Short answer: read perlsec.
Long answer: @spec comes from file so it gets tainted. $tmp1 and $tmp2 are derived from @spec so they become tainted too. And $width with $height become tainted because they are derived from $tmp1 and $tmp2.
If you want to unaint $width and $height your code should look like:
sub getfilesize{ my @spec=(); open FH, $file; for (0..9){$spec[$_] = getc(FH);} close FH; my $tmp1 = unpack("H2",$spec[7]).unpack("H2",$spec[6]); my $tmp2 = unpack("H2",$spec[9]).unpack("H2",$spec[8]); $width = unpack('s',pack('s',hex($tmp2))); ($width) = $width =~ /(\d+)/; $height = unpack('s',pack('s',hex($tmp1))); ($height) = $height =~ /(\d+)/; }
BTW if you are looking for simplicity just use Image::Size:
use Image::Size; my ($width, $height) = imgsize($file); ($width) = $width =~ /(\d+)/; ($height) = $height =~ /(\d+)/;
P.S. It is unrelated to your question but you are using bad coding practices in your code. You are using global variables without need: to pass parameters to sub ($file) and to return data from the sub ($width and $height). It is better to rewrite you sub this way:
sub getfilesize{ my $file = shift; my @spec=(); open FH, $file; for (0..9){$spec[$_] = getc(FH);} close FH; my $tmp1 = unpack("H2",$spec[7]).unpack("H2",$spec[6]); my $tmp2 = unpack("H2",$spec[9]).unpack("H2",$spec[8]); my $width = unpack('s',pack('s',hex($tmp2))); ($width) = $width =~ /(\d+)/; my $height = unpack('s',pack('s',hex($tmp1))); ($height) = $height =~ /(\d+)/; return ($width, $height); } # example of sub call my ($width, $height) = getfilesize('/path/to/file.gif');
--
Ilya Martynov
(http://martynov.org/)
In reply to Re: Re: Re: Another day, another Tk question
by IlyaM
in thread Taint error with Tk
by Popcorn Dave
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |