Checking if $^X is a valid file name doesn't make it safe. You might as well use /(.*)/s.
On the plus side, there doesn't appear to be any reason for $^X to be tainted in Windows.
use Win32::Process; sub ErrorReport{ print Win32::FormatMessage( Win32::GetLastError() ); } Win32::Process::Create( my $child, 'c:\\progs\\perl5100\\bin\\perl.exe', 'evil -le"print $^X"', 0, NORMAL_PRIORITY_CLASS, "." ) or die ErrorReport(); $child->Wait(INFINITE);
c:\progs\perl5100\bin\perl.exe
If you trust the perl you are running, then it looks like $^X is safe.
If you don't trust the perl you are running, then it doesn't matter if $^X safe or not.
By the way,
everything that matches qr{^[^/\0]+\z} is a valid file name in unix,
and everything that matches qr{^[^\0]+\z} is a valid file path in unix.
I don't know where you got qr{ (\A[- + @ [:word:] . / ]+)\z }x from.
In reply to Re: One true regexp for untainting windows filenames?
by ikegami
in thread One true regexp for untainting windows filenames?
by jaldhar
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |