good chemistry is complicated,
and a little bit messy -LW
perl 5.8.4, IO::Socket, and taint checkingby thraxil (Prior)
|on Jun 11, 2004 at 16:32 UTC||Need Help??|
thraxil has asked for the
wisdom of the Perl Monks concerning the following question:
i recently upgraded an old redhat 7.2 box to perl 5.8.4 (from 5.8.0) and have encountered some weirdness with taint-checking and IO::Socket. here's the smallest test-case i could come up with:
i have the following XML file:
and the following perl:
when i run it under perl 5.8.4, i get:
if i run it under 5.8.0, it works as expected.
so how on earth does it still consider $base to be tainted? it passes through the conditional without printing anything, so it certainly looks like it should be untainted.
if i don't get $base through XML::Simple, and instead just say $base = "http://www.google.com", it works. if i don't do any string interpolation in the last line it works. ie, if i change the last line to just:
it looks like some Twiki users have encountered the same problem but haven't found any solution other than turning off taint-checking (which i don't consider a legitimate option on a public server).
so is this a perl bug, or am i missing something really stupid and obvious? can anyone else duplicate it?