Posted to commits@spamassassin.apache.org by mm...@apache.org on 2007/09/10 14:38:59 UTC
svn commit: r574224 - /spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
Author: mmartinec
Date: Mon Sep 10 05:38:58 2007
New Revision: 574224
URL: http://svn.apache.org/viewvc?rev=574224&view=rev
Log:
make untaint_var() more robust to its environment; simplify taint_var()
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?rev=574224&r1=574223&r2=574224&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Mon Sep 10 05:38:58 2007
@@ -257,11 +257,13 @@
# untaint_var(\%ENV);
#
sub untaint_var {
+ no re 'taint'; # override a possible use re 'taint' from outer scope
local ($_) = @_;
return undef unless defined;
unless (ref) {
- /^(.*)$/s;
+ local($1); # avoid Perl taint bug: tainted global $1 propagates taintedness
+ /^(.*)\z/s;
return $1;
}
elsif (ref eq 'ARRAY') {
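Review bot: The pattern `/^(.*)\z/s` accepts every possible string, and the added `no re 'taint'` now forces the untaint even when the calling scope asked for `use re 'taint'`, so this sub clears taint unconditionally with no validation of its own. That appears to be the intent, but the header comment above the sub should say it, for example `# NOTE: performs no validation; callers must check the value before using it in open/system/exec or in file paths`. The `local($1)` comment would also be more useful if it named the perl versions that show the taint-propagation bug, so the workaround can be retired once they are no longer supported. The header comment starts above the hunk and the ARRAY/HASH branches continue below it, so whether those branches go through this same scalar path is not visible here.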
@@ -293,12 +295,9 @@
my ($v) = @_;
return $v unless defined $v; # can't taint "undef"
- # $^X is apparently "always tainted". We can use this to render
- # a string tainted as follows:
- my $tainter = substr ($^X."_", 0, 1); # get 1 tainted char
- $v .= $tainter; chop $v; # then add and remove it
-
- return $v;
+ # $^X is apparently "always tainted".
+ # Concatenating an empty tainted string taints the result.
+ return $v . substr($^X, 0, 0);
}
###########################################################################
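Review bot: The new `return $v . substr($^X, 0, 0);` still rests on the assumption, hedged in the comment as "apparently", that `$^X` is tainted; when it is not (taint mode off, or the assumption not holding on some build), the sub silently hands back an untainted copy and the caller cannot tell. I would state that in the comment, for example `# Relies on $^X being tainted under -T; when it is not, the result is NOT tainted`, so code or tests that depend on taint_var() to re-taint data do not assume a guarantee. If the rest of the file already has a taint check available, a one-time warning when `$^X` is found untainted under `-T` would make the failure visible. The `sub` line is above the hunk.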