Re: Re: Re: no PerlIO $ENV{TAINTED};

And btw, that regex is not bulletproof. "foo and exit" and a whole bunch of other nasties could slip by.

Incorrect. Not unless \w has suddenly started to match spaces rather than just [A-Za-z0-9_]. Please show me *ANY* nasty that will pass through. Without spaces, && || ; , etc you have no statement separator you can get into that eval to let you add to the require.

my @nasties = (
    'foo and exit',
    "foo\nand\nexit\n",
    "hello",
    "foo\000exit",
);

for my $layer(@nasties) {
    print $layer =~ m/^([\w:]+)$/ ? "OK $layer\n" : "ERR $layer\n";
}
[download]

cheers

tachyon

Comment on Re: Re: Re: no PerlIO $ENV{TAINTED}; Select or Download Code

Replies are listed 'Best First'.

Re: Re: Re: Re: no PerlIO $ENV{TAINTED};
by PodMaster (Abbot) on Apr 13, 2004 at 04:47 UTC

PerlIO::don't

MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
** The third rule of perl club is a statement of fact: pod is sexy.

[reply]
[d/l]

Re: Re: Re: Re: Re: no PerlIO $ENV{TAINTED};

by bplatz (Initiate) on Apr 13, 2004 at 12:23 UTC

Thank you again folks for your feedback; however, I am looking for a solution that does not modify Perl 5.8.x. I don't want to support a custom patch against the core product. My guess is that this is something that the folks working on the core product are going to have to repair, and for now I'm stuck with "#!/bin/perl -U". Thanks again for your help! Peace.

[reply]

Re: Re: Re: Re: Re: Re: no PerlIO $ENV{TAINTED};

by PodMaster (Abbot) on Apr 13, 2004 at 12:40 UTC

[reply]

Re: tracking down root cause

by bplatz (Initiate) on Apr 13, 2004 at 17:09 UTC

Re: Re: tracking down root cause

by bplatz (Initiate) on Apr 21, 2004 at 13:31 UTC