in reply to Re: use re 'taint' with s/// operator
in thread use re 'taint' with s/// operator

Well, it's rather more a philosophical question than a real-life situation... Why would I like to "replace bits of a tainted string with other bits and continue to consider it tainted"? Well, a simple example:
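    sub get_file_and_args {
        my ($path) = @_;
        my (@info, @args);
        while (1) {
            # stop as soon as the current prefix exists on disk
            last if ((@info = stat($path)));
            # strip the last /component; stop when nothing is left to strip
            last if ($path !~ s{^(/.+)(/+.*)}{$1});
            push(@args, $2);
        }
        return ($path, \@args);
    }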
where $path = '/path/to/a///file/with///few//args'; and is tainted.

Later on I want to force checking both $path and @args values (by tainting them) because I can't really be sure who is using them and how. I'm not discussing whether the same result can be achieved in any other 'better' or more elegant way, because the answer is 'yes, of course!' - I just want to show that there might be a reason "to replace bits of a tainted string with other bits and continue to consider it tainted".

Re^3: use re 'taint' with s/// operator
by BrowserUk (Patriarch) on Nov 19, 2010 at 15:07 UTC
    Well, it's rather more a philosophical question than a real-life situation...

    The only answer to that is, there is a difference in philosophy between you and the author of the pragma :)


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.