sv_gets and tainting
From: Stas Bekman
Date: August 30, 2003 11:24
Subject: sv_gets and tainting
Message ID: 3F50EB9B.8010501@stason.org
First of all, should the sv_gets function set the sv's taint flag on, if
PL_tainted and PL_tainting are on?

I think I have noticed a strange thing with the sv_gets function. I think it's
possible that it won't turn the taint bit on the sv, if it exits through the
thats_all_folks label and bypasses the screamer2 label, which is the only
place where functions that will set the taint flag mode are called:

    if (append)
        sv_catpvn(sv, (char *) buf, cnt);
    else
        sv_setpvn(sv, (char *) buf, cnt);

but then I'm not sure that it's supposed to make the sv tainted at all. Is it
possible that the api doc will include the information on when relevant
functions make the sv they operate on tainted?

Unfortunately I don't have a test case, and I spent many hours trying to
understand how things work, but I failed. Perhaps you will have better luck.
One of the things that I failed to figure out is when PL_tainted is set.

I think to reproduce it you can call:

    $data = $r->slurp_filename;

from a mod_perl 1.0 CGI script and if you look at it, it won't be tainted
(tested with Devel::Peek and by stepping through the code with the debugger as
well). Of course this is running with PerlTaintCheck On in httpd.conf (equiv
of -T under mod_perl 1.0).

Any ideas? Am I totally wrong?

Thanks
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
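
A stand-alone test case for the question raised in the message, as an added example that is not part of the original post: run under -T, it reads one scratch file through readline() (which calls sv_gets) in each $/ reading mode and reports whether the returned scalar carries the taint flag. It covers more reading modes than the single slurp_filename call mentioned in the message. The file contents, the labels and the helper first_record are constructed for illustration, and which label inside sv_gets each mode exits through is not asserted.

```perl
#!/usr/bin/perl -T
# Added example (not from the original message): report whether scalars
# filled by readline() are tainted under -T, for each $/ reading mode.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempfile);

# Stop unless taint mode is actually active.
die "taint mode is off; run as: perl -T $0\n" unless ${^TAINT};

# Constructed sample input, written to a scratch file.
my ($out, $path) = tempfile(UNLINK => 1);
print {$out} "line one\nline two\n\nsecond paragraph\n";
close $out or die "close: $!";

# Label and the $/ value that selects each reading mode.
my @modes = (
    [ 'line      ($/ = "\n")',  "\n"  ],
    [ 'slurp     ($/ = undef)', undef ],
    [ 'paragraph ($/ = "")',    ''    ],
    [ 'record    ($/ = \8)',    \8    ],
);

# Read the first record of $file with the given record separator.
sub first_record {
    my ($file, $rs) = @_;
    local $/ = $rs;
    open my $in, '<', $file or die "open $file: $!";
    my $rec = <$in>;
    close $in;
    return $rec;
}

my $untainted = 0;
for my $mode (@modes) {
    my ($label, $rs) = @$mode;
    my $rec = first_record($path, $rs);
    my $is_tainted = tainted($rec) ? 1 : 0;
    $untainted++ unless $is_tainted;
    printf "%-24s bytes=%-3d tainted=%d\n", $label, length($rec), $is_tainted;
}

# Non-zero exit if any mode handed back an untainted scalar.
exit($untainted ? 1 : 0);
```

The exit status makes the script usable as a regression check: a non-zero status means at least one reading mode returned data without the taint flag.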