perl.perl5.porters | Postings from November 2009

Re: [perl #67962] spamassassin and tainted mode

From: demerphq
Date: November 6, 2009 01:20
Subject: Re: [perl #67962] spamassassin and tainted mode
Message ID: 9b18b3110911060120m63a700b4x86be9aed2841d09a@mail.gmail.com

2009/11/6 Mark Martinec <Mark.Martinec@ijs.si>:
> On Thursday November 5 2009 23:57:05 Rafael Garcia-Suarez wrote:
>> >  # $1 and $2 become tainted
>> >  my(@r) = $mailbox =~ /^(.*?)(\@.*)$/ ? ($1,$2) : ($mailbox,'');
> [...]
>> >  $nm =~ s/^aaa-(.*)$/$1/;  # $nm becomes tainted
>
>> At 1st glance I would say that is because $1 and $2 appear in the same
>> expression as the tainted $mailbox and thus become tainted, just
>
> I don't think that is the problem per se.
>
> The point is that in the s/^aaa-(.*)$/$1/ the $1 is supposed
> to get assigned an entirely new value, as captured by the regexp,
> and hence it should lose its taintedness flag!

I concur, it seems to me to be a bug if $1 becomes tainted at all.

I mean the whole way of detainting things is via regex capture vars,
so if they become tainted it seems like a problem.

Yves


-- 
perl -Mre=debug -e "/just|another|perl|hacker/"
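
A way to check the behaviour discussed in this message on a given perl build, as an added example that is not part of the original post or of the SpamAssassin code. It replays the two quoted statements under taint mode and reports the taint flag with Scalar::Util's `tainted()`; the variable names follow the quoted snippet, while the sample values, the `report` helper and the `$local` variable are constructed for the illustration. Run it as `perl -T script.pl`.

```perl
#!/usr/bin/perl -T
# Added illustration: does an untainted value pick up taint from a capture
# variable after an earlier match against tainted data?
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string: appending it taints a value without changing it.
my $TAINT = substr($^X, 0, 0);

# Constructed sample values.
my $mailbox = 'user@example.com' . $TAINT;   # tainted input
my $nm      = 'aaa-bbb';                     # literal, never tainted

# Hypothetical helper: print the taint state and return it as 0/1.
sub report {
    my ($label, $value) = @_;
    my $state = tainted($value) ? 1 : 0;
    printf "%-44s %s\n", $label, $state ? 'TAINTED' : 'clean';
    return $state;
}

report('$mailbox before the match',  $mailbox);
report('$nm before the substitution', $nm);

# First quoted statement: the captures are read in the same expression
# as the tainted $mailbox.
my (@r) = $mailbox =~ /^(.*?)(\@.*)$/ ? ($1, $2) : ($mailbox, '');
report('$r[0] from the combined expression', $r[0]);

# Second quoted statement: $1 is captured afresh from untainted data.
$nm =~ s/^aaa-(.*)$/$1/;
my $leaked = report('$nm after s///', $nm);

# The untainting idiom from perlsec: validate with a narrow pattern in its
# own statement, then copy the capture out.
my $local;
if ($mailbox =~ /^([\w.+-]+)\@/) {
    $local = $1;
}
report('$local copied from $1 after validation', $local);

print $leaked
    ? "FAIL: untainted \$nm became tainted through \$1\n"
    : "OK: \$nm stayed untainted\n";
exit $leaked;
```

The exit status is non-zero when `$nm` ends up tainted, so the script can serve as a regression check across perl versions.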
