New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
$AUTOLOAD is never tainted #8513
Comments
From rick@bort.caThis is a bug report for perl from rick@bort.ca, $AUTOLOAD appears to be unable to be tainted. This can be a rick@biff:~/perl[33]% cat taintbug.pl $m = shift; sub ok { kill 0, $m } Flags: Site configuration information for perl v5.8.8: Configured by Debian Project at Thu Apr 6 00:35:33 UTC 2006. Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Locally applied patches: @INC for perl v5.8.8: Environment for perl v5.8.8: |
From rick@bort.caOn Wed, Jul 05, 2006 at 10:39:59PM -0700, Rick Delaney wrote:
Patch after .sig. -- Inline Patchdiff -pruN perl-current/gv.c perl-current-dev/gv.c
--- perl-current/gv.c 2006-06-13 15:29:11.000000000 -0400
+++ perl-current-dev/gv.c 2006-07-09 12:13:42.000000000 -0400
@@ -654,7 +654,6 @@ Perl_gv_autoload4(pTHX_ HV *stash, const
sv_setpvn(varsv, packname, packname_len);
sv_catpvs(varsv, "::");
sv_catpvn(varsv, name, len);
- SvTAINTED_off(varsv);
return gv;
}
diff -pruN perl-current/t/op/taint.t perl-current-dev/t/op/taint.t
--- perl-current/t/op/taint.t 2006-06-13 15:29:33.000000000 -0400
+++ perl-current-dev/t/op/taint.t 2006-07-09 14:34:33.000000000 -0400
@@ -17,7 +17,7 @@ use Config;
use File::Spec::Functions;
BEGIN { require './test.pl'; }
-plan tests => 249;
+plan tests => 251;
$| = 1;
@@ -1185,3 +1185,22 @@ SKIP:
test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check';
}
}
+
+{
+ package AUTOLOAD_TAINT;
+ sub AUTOLOAD {
+ our $AUTOLOAD;
+ return if $AUTOLOAD =~ /DESTROY/;
+ if ($AUTOLOAD =~ /untainted/) {
+ main::ok(!main::tainted($AUTOLOAD), '$AUTOLOAD can be untainted');
+ } else {
+ main::ok(main::tainted($AUTOLOAD), '$AUTOLOAD can be tainted');
+ }
+ }
+
+ package main;
+ my $o = bless [], 'AUTOLOAD_TAINT';
+ $o->$TAINT;
+ $o->untainted;
+}
+ |
From @hvdsRick Delaney <rick@bort.ca> wrote: This should also be documented as a significant change for upgraders. Hugo |
The RT System itself - Status changed from 'new' to 'open' |
From rick@bort.caPing. On Mon, Jul 10, 2006 at 01:03:00PM +0100, hv@crypt.org wrote:
I think a note in perldelta would be sufficient, yes? -- |
From @hvdsRick Delaney <rick@bort.ca> wrote: Yes. Hugo |
From @rgarciaOn 09/07/06, Rick Delaney <rick@bort.ca> wrote:
Thanks, applied as change #28649 (with a note in perldelta) |
@rgs - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#39733 (status was 'resolved')
Searchable as RT39733$
The text was updated successfully, but these errors were encountered: