Re: NETaa14816: tzname[] and SunOS - Here's a patch

[perl5.git] / taint.c

diff --git a/taint.c b/taint.c
index 23a1b07..6c64b39 100644 (file)
--- a/taint.c
+++ b/taint.c
@@ -1,3 +1,9 @@
+/*
+ * "...we will have peace, when you and all your works have perished--and
+ * the works of your dark master to whom you would deliver us.  You are a
+ * liar, Saruman, and a corrupter of men's hearts."  --Theoden
+ */
+
 #include "EXTERN.h"
 #include "perl.h"
 
@@ -44,17 +50,21 @@ taint_env()
     if (tainting) {
        MAGIC *mg = 0;
        svp = hv_fetch(GvHVn(envgv),"PATH",4,FALSE);
-       if (!svp || *svp == &sv_undef || (mg = mg_find(*svp, 't'))) {
-           tainted = 1;
+       if (!svp || *svp == &sv_undef ||
+         ((mg = mg_find(*svp, 't')) && mg->mg_len & 1))
+       {
+           tainted = TRUE;
            if (mg && MgTAINTEDDIR(mg))
-               taint_proper("Insecure directory in %s%s", "PATH");
+               taint_proper("Insecure directory in %s%s", "$ENV{PATH}");
            else
-               taint_proper("Insecure %s%s", "PATH");
+               taint_proper("Insecure %s%s", "$ENV{PATH}");
        }
        svp = hv_fetch(GvHVn(envgv),"IFS",3,FALSE);
-       if (svp && *svp != &sv_undef && mg_find(*svp, 't')) {
-           tainted = 1;
-           taint_proper("Insecure %s%s", "IFS");
+       if (svp && *svp != &sv_undef &&
+         (mg = mg_find(*svp, 't')) && mg->mg_len & 1)
+       {
+           tainted = TRUE;
+           taint_proper("Insecure %s%s", "$ENV{IFS}");
        }
     }
 }