develooper Front page | perl.perl5.porters | Postings from January 2005

Re: [perl #33173] shellwords.pl and tainting

Thread Previous | Thread Next
From:
Rafael Garcia-Suarez
Date:
January 20, 2005 10:48
Subject:
Re: [perl #33173] shellwords.pl and tainting
Message ID:
20050120194810.6fdb2428@grubert.mandrakesoft.com
Alexey Tourbin wrote:
> On Fri, Dec 24, 2004 at 03:19:40PM +0100, Rafael Garcia-Suarez wrote:
> > perl-5.8.0@ton.iguana.be (via RT) wrote:
> > > Below is an updated version of shellwords.pl with the following 
> > > changes:
> > 
> > Thanks, applied as #23681 to blead.
> 
> Hi,
> Here is hopefully a better (incrimental) patch.
> 
> > > - keep taint
> > > - use the local *_ = ref trick to defeat tied $_
> > > - use my variables instead of local, and drop the now unneeded internal
> > >   package
> > > - use \A instead of ^ in the regexes (in case $* still exists and works)
> > > - add a s modifier to the regexes using ., so that newlines can be escaped
> > > - don't advise &fun style calls in the usage section
> 
> - fix also Text::ParseWords which has basically the same code
> - replace shellwords() with Text::ParseWords::old_shellwords
> - use Carp::carp() to report unmatched quotes
> - add tests, place tests into separate file
> 
> 
> --- perl-5.9.2.23688/lib/Text/ParseWords.pm-	2004-07-07 02:03:53 +0400
> +++ perl-5.9.2.23688/lib/Text/ParseWords.pm	2004-12-28 22:25:07 +0300

Thanks, applied as #23838.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About