[Chicago-talk] canonical is_tainted()?
Jim Thomason
thomasoniii at gmail.com
Wed Aug 4 10:26:58 CDT 2004
Looks like somebody decided to whip up a one liner. It's the same code.
The one Andy had was (roughly):
sub is_tainted {
my $value = shift;
my $substr = substr($value, 0, 0); #empty, possibly tainted string
local $@; #don't clobber $@
eval {eval "# $substr"};
return 1 if $@;
}
So I guess it was too deemed too wordy and got crunched down.
-Jim....
On Wed, 4 Aug 2004 10:21:09 -0500 (CDT), Mike Fragassi <frag at ripco.com> wrote:
>
> Andy -- what was the is_tainted from your talk last night?
> The is_tainted from the most recent perlsec isn't the same:
>
> sub is_tainted {
> return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
> }
>
> but I recall that the one on your slide seemed to make more sense.
>
> -- Mike F.
More information about the Chicago-talk
mailing list