If find is used in taint-mode (-T command line switch or if EUID != UID or if EGID != GID) then internally directory names have to be untainted before they can be chdir'ed to. Therefore they are checked against a regular expression untaint_pattern.The untaint option works as I expect under Linux, but I can't get it to work under Win32:
Is this a bug?#!perl -T use strict; use warnings; use File::Find; use File::Spec::Functions; my $dir = undef; if ($^O eq q{MSWin32}) { $dir = catfile( qw ( C: src perl test untaint ) ); } else { $dir = catfile( qw ( / home foo test perl untaint ) ); } eval { find({ wanted => sub { print if -f; }, untaint => 1 }, $dir); }; print "find died:$@" if ($@); __END__ C:\src\perl\test\untaint>perl -lT ut.pl ut.pl find died:insecure cwd in find(depth) at C:/Perl/lib/File/Find.pm line + 747. C:\src\perl\test\untaint>perl --version This is perl, v5.8.8 built for MSWin32-x86-multi-thread (with 50 registered patches, see perl -V for more detail) Binary build 820 [274739] provided by ActiveState http://www.ActiveSta +te.com Built Jan 23 2007 15:57:46 $ perl -lT ut.pl ut.pl $ perl --version This is perl, v5.8.5 built for i386-linux-thread-multi
In reply to File::Find untaint in taint-mode under Win32 by andreas1234567
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |