in reply to perl 5.8.4, IO::Socket, and taint checking

This really looks like a perl bug to me: 
use use Scalar::Util qw(tainted);
print "\$base is ",tainted($base) ? "" : "not ","tainted\n";
my $url = "$base/index.html";
print "\$url is ",tainted($url) ? "" : "not ","tainted\n";
print get($url);
___OUTPUT___
$base is not tainted
$url is not tainted
Insecure dependency in connect while running with -T switch at /usr/li
+b/perl/5.8/IO/Socket.pm line 114.

[download]

While it works if you set $base to some hard-coded value...

Update:

I also upgraded (from 5.8.0 to 5.8.3) so can anyone confirm if this also happens with a "clean" perl 5.8.3 + install ?
"What should it profit a man, if he should win a flame war, yet lose his cool?"

Replies are listed 'Best First'.
Re^2: perl 5.8.4, IO::Socket, and taint checking
by cfreak (Chaplain) on Jun 12, 2004 at 05:43 UTC
[reply]
Re^2: perl 5.8.4, IO::Socket, and taint checking
by thunders (Priest) on Jun 12, 2004 at 13:22 UTC
    I tested the same script under "perl, v5.8.3 built for i386-linux-thread-multi" which is from Mandrake 10.0's perl-base-5.8.3-5mdk. I did not see any errors like that.
[reply]

In Section Seekers of Perl Wisdom