note
cfreak
Opps must have foobared my test. You are correct
<code>
$a = qq|${system("echo 'hello from system'")}\n|;
$a = "${system(\"echo 'hello from system'\")}\n";
</code>
<br>
do the same thing. Some how I had your example simply printing the string... hmmm
<p></p>
Anyway I read the author to mean to not do this:
<code>
$a = <stdin>;
print "Some string with ${$a}";
</code>
<p>But as you stated I'm finding that doesn't work, which is very strange to me. It seems as though it should, and there could be really cool uses for it.</p>
<p>That said, to get somewhat back on the orginal topic using taint mode is still a good idea, especially in CGI scripts. The trick is to learn what should be untainted and what doesn't have to be.
</p>
127370
127605