[tpm] Taint question
sfryer at sourcery.ca
Thu Aug 30 12:32:30 PDT 2007
What I'd suggest then is a comprimise hack. Develop everthing with -T in
mind (or in place), but remove it from the finished program in the knowledge
that it's already helped you to cover all the bases. Alot of folks do this
with 'use warnings' and 'use diagnostics', using those only for development,
but leaving them out of code deployed in production environments.
On Thu, Aug 30, 2007 at 01:53:54PM -0400, Madison Kelly wrote:
> Shaun Fryer wrote:
> >The culprit is 'use locale' (try commenting it out). Maybe someone else
> >can explain why, but I'm guessing from the man page that it messes with
> >how perl compiles regexes. Sadly, if you replace your regex with /(.*)/,
> >it becomes untainted, even with 'use locale'.
> > Shaun Fryer
> This I suspected, but feared.
> My program is (as best I can make it) internationalized and supports
> non-ascii characters (like Japanese *kana/kanji). I understood (perhaps
> wrongly) that using locale (et. al.) changed the definition of '\w',
> length(), etc to recognize these characters. Shouldn't this flow to
> taint? Obviously, it doesn't seem to though...
> Using (.*?) is essentially the same as giving up on taint all together.
> This isn't desirable. :)
> The still curious Madi
More information about the toronto-pm