The whole idea behind taint is that you are not allowed to do dangerous things with externally supplied data (such as file- or user input). It is called taint as any external data will taint everything else it touches.
eval is a dangerous operation and int is not, so eval $pop_level1 is not allowed and int($pop_level1) is allowed. But try eval $pop_level and again you will get the "insecure" error.
You have to process all your external data though a regex if you want to use them in dangerous operations.
CountZero
A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
In reply to Re^8: Insecure dependency in open while running with -T switch
by CountZero
in thread Insecure dependency in open while running with -T switch
by vit
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |