Skip Menu |
 

This queue is for tickets about the Scalar-List-Utils CPAN distribution.

Report information
The Basics
Id: 55763
Status: resolved
Priority: 0/
Queue: Scalar-List-Utils

People
Owner: Nobody in particular
Requestors: davem [...] iabyn.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 1.23
Fixed in: 1.23_02



Subject: tainted() doesn't do SvGETMAGIC(sv)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 686
Download (untitled) / with headers
text/plain 686b
tainted() doesn't run get magic before testing the value for taintedness. This gives effects like the following: use Scalar::Util qw(tainted); sub TIESCALAR { bless {} } sub FETCH { $^X } tie my $t, 'main'; print 'bare $t ', tainted($t) ? 'tainted' : 'not tainted', "\n"; print 'stringy $t ', tainted("$t") ? 'tainted' : 'not tainted', "\n"; which gives: bare $t not tainted stringy $t tainted This originally came up in https://rt.perl.org/rt3/Ticket/Display.html?id=56490 where regex magic vars were incorrectly reported as being not tainted. Rick Delaney suggested adding SvGETMAGIC(sv); Alternatively, tainted() needs documenting that this is how it works. Dave M


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.