develooper Front page | perl.perl5.porters | Postings from September 2001

[PATCH] Text::Wrap untaints strings

Thread Next
Philip Newton
September 27, 2001 23:09
[PATCH] Text::Wrap untaints strings
Message ID:
Hi, I was using Text::Wrap in a CGI script that used Inline::C and 
things worked. Then I took it out and things broke: my C code said "not 
a string" (an error message from a sanity check that things were POK).

Apparently, this was due to the fact that the data was tainted (since 
it came from user input) and hence was only pPOK but not POK -- but 
when Text::Wrap was used, it untainted my data for me by using regexp 
memories. This is undoubtedly not part of its task :).

So I changed Text::Wrap (in bleadperl) and added "use re 'taint';" to 
the wrap() function. I also changed a couple of occurrences of 
/\Z(?!\n)/ to /\z/, and documented $break (which is in @EXPORT_OK but 
isn't mentioned in the docs).

Should I add a 'require VERSION;' at the beginning for the /\z/ and pragma? If so, which version would be appropriate?

Also, the docs claim that in list context, wrap() and fill() return 
lists rather than a scalar, but I couldn't see that from the code, so I 
deleted that bit from the docs. Perhaps the code was originally changed 
and then changed back without also reverting the docs?

I'm attaching the diff; I hope it comes out readable and not encoded. 
(I don't want to do it inline because of tabs and long lines.)

As always, comments on the patch are welcome (especially about the 
documentation of $break and the removal of the "in list context" bit).

Philip Newton <>

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About