in reply to
Re^4: magic-diamond <> behavior -- WHAT?!
in thread magic-diamond <> behavior -- WHAT?!
Awww man.. now I've got to taint my simple filters?
No, you only need to taint your filters if you do three things at once:
- Use magic open.
- Use a broad shell expansion.
- Run in an untrusted environment.
The answer to "I've untrusted data, and I may be using it in a way that can harm me" is almost always to enable tainting. We don't change operations just because someone is not careful enough when coding. I don't see why magic open should be different.
And it's not just me. On the forum where it matters, p5p, the idea gets shot down as well.