Re: [perl #72360] tainted $@ taints utf8 substitution result

Front page | perl.perl5.porters | Postings from June 2011

Re: [perl #72360] tainted $@ taints utf8 substitution result

Thread Previous

From:

Dave Mitchell

Date:

June 28, 2011 05:02

Subject:

Re: [perl #72360] tainted $@ taints utf8 substitution result

Message ID:

20110628120217.GD2847@iabyn.com

On Mon, Jan 25, 2010 at 12:17:11PM -0800, Niko Tyni wrote:
> When $@ is tainted, the result of a regexp substitution on an
> utf8 string becomes tainted too for no apparent reason.
> 
> Seen on at least from 5.8.8 up to current blead.
> 
> #!perl -T
> use Scalar::Util q/tainted/;
> $@=$ENV{HOME}; # taint errsv
> $f = "out/abc\x{263A}"; # set the utf8 flag
> print tainted($f), "\n";
> $f =~s!/*[^/]+$!!;
> print tainted($f), "\n";
> __END__
> 
> gives 
> 
> 0
> 1
> 
> when I'd expect
> 
> 0
> 0
> 
> (Originally reported as http://bugs.debian.org/411786 ) 

This was fixed in 5.13.10 and 5.14.0 by commit

    20be6587f85cec282e10810718c869dd958afe43

-- 
Little fly, thy summer's play my thoughtless hand
has terminated with extreme prejudice.
        (with apologies to William Blake)

Thread Previous

[perl #72360] tainted $@ taints utf8 substitution result by Niko Tyni

Re: [perl #72360] tainted $@ taints utf8 substitution result by Dave Mitchell

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About