Re: File::Find untaint in taint-mode under Win32

The untaint option does not work as you expect. If you had continued to read the fine manual immediately after the bit you posted it says:

Note that all names passed to the user's I<wanted()> function are still tainted.

Comment on Re: File::Find untaint in taint-mode under Win32

Replies are listed 'Best First'.
Re^2: File::Find untaint in taint-mode under Win32 by Anonymous Monk on Jun 16, 2010 at 11:35 UTC
Yeah, and if you had read the code, you wouldn't have posted a useless comment. Anyway, the problem is that the default untaint_pattern is set to `qr\|^([-+@\w./]+)$\|` and the cwd on windows most likely contains `:`, like in `C:/some/path`. So, you have to fix the untaint pattern using something like: `untaint_pattern => qr\|^([-+@\w./]+)$\|`	[reply] [d/l] [select]
Re^3: File::Find untaint in taint-mode under Win32 by jmcnamara (Monsignor) on May 09, 2011 at 12:17 UTC
In the context of your answer the `untaint_pattern` should probably be: `untaint_pattern => qr\|^([-+@\w./:]+)$\|` [download] Or to allow for Windows style directory separators as well (is that necessary?) something like: `untaint_pattern => qr\|^([-+@\w./:\\]+)$\|` [download] Anyone see any omissions or gotchas here for Windows or other platforms? -- John.	[reply] [d/l] [select]
Re^4: File::Find untaint in taint-mode under Win32 by Anonymous Monk on May 09, 2011 at 14:39 UTC
I don't understand the purpose, why not `/(.*)/` ?	[reply] [d/l]
Re^5: File::Find untaint in taint-mode under Win32 by jmcnamara (Monsignor) on May 09, 2011 at 14:48 UTC