A fix for shellwords.pl (leave tainted variables tainted)
by Ovid (Cardinal) on May 21, 2002 at 16:27 UTC
kudra wrote: I'm still not convinced it should be leaving them untainted rather than explicitly retainting them, but at least now I know why this is happening.
I think you're right. These variables should be left tainted. The following hack will leave them tainted.
The only problem with this is that if something calls shellwords.pl with several variables, but only one is tainted, then *all* returned variables will be tainted. Is this a problem? I shouldn't think so, but I'm not sure. Also, who the heck would I submit this to? There's no name in the script and it looks like it's part of the standard distribution.
Update: chromatic suggested that it could be submitted to Perl 5 Porters. Will do.
Update 2: Benjamin Goldberg replied that my goal was good, but suggested using the 're' pragma. I resubmitted the patch to p5p as follows:
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
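The behaviour discussed in the post above, as an added example that is not part of the original post and is neither shellwords.pl nor the patch sent to p5p: regex captures are untainted by default, and the `re` pragma's `taint` mode makes them inherit the taint of the matched string. The two `split_words_*` subs are hypothetical, simplified splitters, the input is constructed, and it is assumed that the arguments are joined into one line before parsing.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run as: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string, the idiom perl's own taint tests use.
my $TAINT = substr($^X, 0, 0);

# Hypothetical, simplified splitter (double quotes and bare words only).
# Default behaviour: every word comes from a capture, so it is untainted.
sub split_words_default {
    my ($line) = @_;
    my @words;
    while ($line =~ /\G\s*(?:"([^"]*)"|(\S+))/gc) {
        push @words, defined $1 ? $1 : $2;
    }
    return @words;
}

# Same parser, but captures inherit the taint of the string matched.
sub split_words_keep_taint {
    use re 'taint';    # lexically scoped to this sub
    my ($line) = @_;
    my @words;
    while ($line =~ /\G\s*(?:"([^"]*)"|(\S+))/gc) {
        push @words, defined $1 ? $1 : $2;
    }
    return @words;
}

# Constructed input: three arguments, only the last one tainted.
# Assumption: the arguments are joined into one string before parsing,
# so the taint of one argument spreads to the whole line.
my $line = join ' ', 'ls', '-l', qq{"my dir"} . $TAINT;

for my $case ([default => \&split_words_default],
              ["re 'taint'" => \&split_words_keep_taint]) {
    my ($name, $splitter) = @$case;
    for my $word ($splitter->($line)) {
        printf "%-11s %-8s %s\n", $name, $word,
            tainted($word) ? 'tainted' : 'UNTAINTED';
    }
}
```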