develooper Front page | perl.perl5.porters | Postings from April 2007

Re: Tainted coderefs and other things

Thread Previous | Thread Next
From:
Ævar Arnfjörð Bjarmason
Date:
April 30, 2007 22:10
Subject:
Re: Tainted coderefs and other things
Message ID:
51dd1af80704302210j11fddad0ubb0234aa746eca30@mail.gmail.com
On 4/30/07, David Nicol <davidnicol@gmail.com> wrote:
> On 4/29/07, Ævar Arnfjörð Bjarmason <avarab@gmail.com> wrote:
>
> > I test for this amongst other things in Taint::Util's t/usage.t test.
> > It also allows you to taint any reference (including coderefs) but
> > that's manual mucking around with SV*'s as has been pointed out.
>
> So what are the implications of a tainted coderef?  Are any results
> tainted, or has that particular situation not been allowed for?

The implications for all tainted references is the same: their
stringified forms become tainted. This is why tainting of the qr//
object (which is a reference) works, the only difference between it
and normal objects is that is magically stringifies to the wrapped
pattern instead of something like Regexp=SCALAR(0x814f5c4).

So no, the results of a tainted coderef will not be tainted since
tainting is a per-scalar thing, the coderef itself could of course
return a tainted scalar or be evaluated in an expression that
contained other tainted data..

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About