
Re: [perl #122424] Unicode::Collate gives incorrect cmp() values for tainted strings

From: Karl Williamson
Date: August 17, 2014 04:57
Subject: Re: [perl #122424] Unicode::Collate gives incorrect cmp() values for tainted strings
Message ID: 53F03621.4040708@khwilliamson.com
On 07/28/2014 08:16 AM, Philip Boulain (via RT) wrote:
> # New Ticket Created by  Philip Boulain
> # Please include the string:  [perl #122424]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=122424 >
>
>
> This is a bug report for perl from philip.boulain@smoothwall.net,
> generated with the help of perlbug 1.39 running under perl 5.14.2.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> Unicode::Collate's cmp() always returns zero when comparing
> tainted strings. getSortKey() seems to always return a minimal
> string for them.
>
> You can test this with a simple one-liner:
>
> $ perl -T -MScalar::Util -MUnicode::Collate -Mstrict -w -e 'my $x =
> <STDIN>; my $y = <STDIN>; print Scalar::Util::tainted($x) ? "x tainted\n" :
> "x not tainted\n"; print Unicode::Collate->new()->cmp($x, $y); print "\n";';
> a
> b
> x tainted
> 0
>
> (Type the 'a' and 'b'.)
>
> If you remove the -T option, you get the expected output:
>
> x not tainted
> -1
>
> There does not appear to be any documentation on
> Unicode::Collate's behaviour in taint mode.
>
> [Please do not change anything below this line]
> -----------------------------------------------------------------

I ran the one-liner on blead and v5.20.0, and it gives the output you 
said is expected.  So this bug appears to have been fixed somewhere 
along the line.  (I haven't delved deeper to figure out how to get 
tainted input doing a bisect.)

Also, Unicode::Collate is maintained from CPAN, so tickets should be 
filed against it, not the Perl core.

I'm taking this ticket to remind me to close it in 7 days unless I hear 
otherwise.
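The one-liner in the ticket needs interactive input, which makes it awkward to keep around as a regression check. The script below is an added example, not code from the ticket, from Karl Williamson, or from Unicode::Collate itself. It produces tainted copies of constructed sample strings with the perlsec idiom (concatenating a zero-length substring of a tainted %ENV value, so it assumes PATH is set in the environment), then verifies that cmp() and getSortKey() return the same results for the tainted and untainted copies. A collation that silently returns 0 under -T is exactly the failure mode the report describes, so the check fails loudly if it ever reappears.

```perl
#!/usr/bin/perl -T
# Added regression check: Unicode::Collate results must not depend on
# whether the input strings are tainted. Run as:  perl -T taint_collate.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Unicode::Collate;

# Taint a value the perlsec way: a zero-length substring of a tainted value
# (every %ENV value is tainted under -T) still carries the taint flag, and
# concatenating it onto a clean string taints the result.
# Assumption: PATH is set; if it is not, we cannot build a tainted string.
my $taint = substr($ENV{PATH} // '', 0, 0);

sub tainted_copy {
    my ($s) = @_;
    return $s . $taint;
}

if (!tainted(tainted_copy('probe'))) {
    print "SKIP: could not produce a tainted string (PATH unset or -T not in effect)\n";
    exit 0;
}

my $collator = Unicode::Collate->new();

# Constructed sample pairs (not from the ticket) with the expected cmp() sign
# under the default UCA table: lowercase sorts before uppercase at the
# tertiary level, so 'a' cmp 'A' is -1.
my @cases = (
    ['a', 'b', -1],
    ['b', 'a',  1],
    ['a', 'a',  0],
    ['a', 'A', -1],
);

my $failures = 0;
for my $case (@cases) {
    my ($x, $y, $expected) = @$case;
    my ($tx, $ty) = (tainted_copy($x), tainted_copy($y));

    my $clean  = $collator->cmp($x, $y);
    my $dirty  = $collator->cmp($tx, $ty);
    # The ticket also reports getSortKey() degenerating to a minimal key for
    # tainted input, so compare the sort keys directly as well.
    my $key_ok = $collator->getSortKey($x) eq $collator->getSortKey($tx);

    my $ok = ($clean == $expected && $dirty == $expected && $key_ok);
    $failures++ unless $ok;
    printf "%-4s cmp(%s, %s): clean=%2d tainted=%2d sortkey_equal=%s\n",
        $ok ? 'ok' : 'FAIL', $x, $y, $clean, $dirty, $key_ok ? 'yes' : 'no';
}

exit($failures ? 1 : 0);
```

Because -T is given on the shebang line, the script must be started with `perl -T` (or directly via the shebang); invoking it as `perl taint_collate.pl` dies with "Too late for -T". A non-zero exit status means at least one pair collated differently once tainted, which is the condition a CI job for a taint-mode application should treat as a failure rather than a warning.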



