|Syntactic Confectionery Delight|
Re^4: Inline.pm and untaintingby syphilis (Chancellor)
|on Jul 28, 2009 at 23:45 UTC||Need Help??|
As for SAFEMODE .... The only thing it appears to do is check to see if the DIRECTORY option is set
Yes, that's all it does.
There's a bug report about the failure of Inline to work as intended wrt the UNTAINT option, which was submitted in June 2005. I think it's about time to fix that bug, to the extent that the behaviour is as the original author intended (no more, no less). I think it's ridiculous to leave a feature in an unusable state for such a length of time, irrespective of the value of that feature. (I'm the current maintainer, btw.)
Patrick LeBoutillier has kindly written patches that fix the problem - except that the windows-specific aspect I've asked about here is not dealt with.
I don't understand taint mode all that well - I certainly don't know what that not ((stat($_)) & 0022) stuff is all about, and I don't need to know. Assuming it does something valid, I just need to know its windows equivalent :-) Anyone ?
At some stage in the future, someone who cares might provide enhancements to Inline's handling of taint mode - and such patches would be received gladly. But for the moment I'd just like to see it working as currently intended (and that ancient bug report closed). As noted, one is not forced to use the UNTAINT option.