I've no problem with providing documentation that warns of the potential danger - in fact, mainly as a result of your suggestions, I'm now also thinking of having the use of both UNTAINT and SAFEMODE options generate a warning about the inadvisability of using them.

I left things as they are (wrt tainting) in the last Inline::C update, partly to give me more time to think about what to do with it ... and I'm still finding most options unpalatable.

I don't like the idea of just leaving it as is - that seems silly to me (despite the pragmatic wisdom). Surely it should be either fixed or removed.
I certainly have no intention of personally trying to add improvements (that would be disastrous), and yet I consider that I would be acting in bad faith if I just went ahead and removed all of that code that Ingy (I presume it was he) had gone to so much trouble to put in place in the beginning.

So, I still find myself leaning towards applying Patrick's patches - but, yes, with stern warnings about the dangers of using this particular piece of rope. (Thanks for the cautionary advice.)

Ingy was recently making noises about once again contributing to Inline - I might yet try and contact him and find out just what his vision for untainting actually was, and how he thinks it should be dealt with in the present and future.

Cheers,
Rob

In reply to Re^6: Inline.pm and untainting by syphilis
in thread Inline.pm and untainting by syphilis

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.