comment on

but you could argue it is a bug in perl-5.10.0

A yes, Perl 5.10 that explains a few things. Perl 5.8 doesn't complain about an insecure dependency (just checked). I find it difficult to believe that of all the web applications in the world written with CGI.pm using new(), there isn't more chatter over breaking apps with a simple '-' URL value. But I can believe that the majority of those same apps are probably running under Perl 5.8, and maybe not even under taint mode at that.

Still, I'm dumbstruck by CGI's behaviour to use the parameter 'value' in the first place. Sure CGI is complicated, and I don't confess to understand what's going on here. This particular piece of code appears to be related to preserving parameter values between calls (a feature of CGI I've never needed). But what's the point of referencing a filename based on the parameter value?

In reply to Re^2: fileno, taint and CGI.pm by ruzam
in thread fileno, taint and CGI.pm by ruzam

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.