develooper Front page | perl.perl5.porters | Postings from March 2007

Re: [PATCH] Re: [perl #32687] Encode::is_utf8 on tainted UTF8 string returns false

Thread Previous
From:
Rafael Garcia-Suarez
Date:
March 22, 2007 11:27
Subject:
Re: [PATCH] Re: [perl #32687] Encode::is_utf8 on tainted UTF8 string returns false
Message ID:
b77c1dce0703221127q75b85a6bh473b4ec383096700@mail.gmail.com
On 16/11/06, Rafael Garcia-Suarez <rgarciasuarez@mandriva.com> wrote:
> Mark Martinec (via RT) wrote:
> > The Encode::is_utf8() on an UTF-8 character string
> > returns false if the string is tainted.
> > (whereas the utf8::is_utf8 produces correct results)
> >
> > INCORRECT:  ($a is tainted)
> >   perl -Te 'use Encode; $a="\x{263a}.$0";
> >             printf "(%s,%s)\n", Encode::is_utf8($a), utf8::is_utf8($a)'
> >   (,1)
> >
> > correct:   ($a not tainted)
> >   perl -Te 'use Encode; $a="\x{263a}";
> >             printf "(%s,%s)\n", Encode::is_utf8($a), utf8::is_utf8($a)'
> >   (1,1)
> >
> > As far as I tried, this is not specific to a platform.
>
> This patch to Encode solves the problem : (tainted strings are not
> POK due to taint magic)
>
> Dan, would you consider adding it to your version ?
>
> --- ext/Encode/Encode.xs        (révision 8858)
> +++ ext/Encode/Encode.xs        (copie de travail)
> @@ -757,15 +757,11 @@ CODE:
>  {
>      if (SvGMAGICAL(sv)) /* it could be $1, for example */
>      sv = newSVsv(sv); /* GMAGIG will be done */
> -    if (SvPOK(sv)) {
>      RETVAL = SvUTF8(sv) ? TRUE : FALSE;
>      if (RETVAL &&
>          check  &&
>          !is_utf8_string((U8*)SvPVX(sv), SvCUR(sv)))
>          RETVAL = FALSE;
> -    } else {
> -    RETVAL = FALSE;
> -    }
>      if (sv != ST(0))
>      SvREFCNT_dec(sv); /* it was a temp copy */
>  }
> End of Patch.
>

I applied this change to bleadperl as #30693.

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About