in reply to Re^2: Taint, CGI and perl 5.10
in thread Taint, CGI and perl 5.10

Your problem can be demonstrated using

perl -Te'printf $ARGV[0]' foo

The first argument of printf (optional fh aside) is the format pattern. It makes sense to require the pattern to be trusted. Consider %n, for example.

printf $fh <<EOMEOM;
should be
printf $fh "%s", <<EOMEOM;
or simply
print $fh <<EOMEOM;

Your code is buggy, and 5.10 catches your bug.
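
The three calls above run side by side under taint mode, as an added example that is not part of the original post. The value of $input is a constructed sample standing in for CGI input, and the script name in the first comment is hypothetical.

```perl
# Added example, not from the thread. Run as: perl -T taint_printf.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# substr($^X, 0, 0) is a zero-length tainted string; appending it taints
# the constructed sample below the same way CGI input would be tainted.
my $input = '50% off %s today' . substr($^X, 0, 0);
print 'input tainted: ', (tainted($input) ? 'yes' : 'no'), "\n";

my @cases = (
    # The bug from the thread: tainted data used as the format pattern.
    [ 'printf $fh $input'       => sub { printf STDOUT $input } ],
    # Fix 1: constant format, tainted data passed only as an argument.
    [ 'printf $fh "%s", $input' => sub { printf STDOUT "%s\n", $input } ],
    # Fix 2: no format processing at all.
    [ 'print $fh $input'        => sub { print STDOUT $input, "\n" } ],
);

for my $case (@cases) {
    my ($label, $code) = @$case;
    if (eval { $code->(); 1 }) {
        print "  ok:       $label\n";
    }
    else {
        # Strip the trailing newline from the taint error before reporting it.
        (my $err = $@) =~ s/\s+\z//;
        print "  rejected: $label ($err)\n";
    }
}
```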

Re^4: Taint, CGI and perl 5.10
by nextguru (Scribe) on Mar 11, 2010 at 05:41 UTC
    That was it. Thanks much.
Re^4: Taint, CGI and perl 5.10
by derby (Abbot) on Mar 11, 2010 at 12:10 UTC

    Man ... that was a *spot* the bug for these eyes. Just to clarify, that's:

    printf $fh
    print $fh

    It took me a while to spot the f.

    -derby