develooper Front page | perl.perl5.porters | Postings from December 2004

Re: [perl #22270] tainting inconsistency with . operator

Thread Next
From:
Nicholas Clark
Date:
December 10, 2004 02:23
Subject:
Re: [perl #22270] tainting inconsistency with . operator
Message ID:
20041210102308.GP77507@plum.flirble.org
On Fri, Dec 10, 2004 at 02:42:26AM -0000, Michael G Schwern via RT wrote:
> > Because the first 3 have a C<.> that's already happened by the time we
> > evaluate the C<qx``>, and thus the concatentation of tainted strings
> > during the current expression makes the expression already tainted.  The
> > 4th one hasn't done more than fetch a variable yet, which gives us tainted
> > data on the (perl) stack, but not a tainted expression.
> 
> So is the consensus "not a bug"?

It's documented behaviour. The behaviour of tainting is documented as being
erratic. (Strictly, as having the option of erring on the side of paranoia
if it wants. But couple that with tainting bugs, and I don't consider
"erratic" to be slander)

:-(

I think that it can be closed - I added a todo wishlist item about all this
in pod/perltodo.pod

Nicholas Clark

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About