develooper Front page | perl.perl5.porters | Postings from March 2013

Re: [perl #117215] length =?utf-8?b?JHRhaW50ZWRfdmFy?= is tainted; should it be?

From:
Ed Avis
Date:
March 19, 2013 17:00
Subject:
Re: [perl #117215] length =?utf-8?b?JHRhaW50ZWRfdmFy?= is tainted; should it be?
Message ID:
loom.20130319T175905-910@post.gmane.org
Leon Timmermans <fawaka <at> gmail.com> writes:

>>The value returned by "length" can be tainted even though it's
>>just an integer.  Is this a bug, or is it by design?
>
>AFAIK any $foo = <expression using a tainted value> should make $foo
>tainted, unless stated otherwise.

Agreed.  But this does argue for an untaint() builtin as part of the language,
since doing a regular expression match on something that's always an integer
starts to look a bit daft.

-- 
Ed Avis <eda@waniasset.com>




nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About