/* taint.c
*
* Copyright (C) 1993, 1994, 1995, 1996, 1997, 1998, 1999,
/* taint.c
*
* Copyright (C) 1993, 1994, 1995, 1996, 1997, 1998, 1999,
- * 2000, 2001, 2002, by Larry Wall and others
+ * 2000, 2001, 2002, 2003, 2004, 2005, 2006, by Larry Wall and others
*
* You may distribute under the terms of either the GNU General Public
* License or the Artistic License, as specified in the README file.
*
* You may distribute under the terms of either the GNU General Public
* License or the Artistic License, as specified in the README file.
"%s %d %"UVuf" %"UVuf"\n",
s, PL_tainted, uid, euid));
}
# else
{
"%s %d %"UVuf" %"UVuf"\n",
s, PL_tainted, uid, euid));
}
# else
{
"%s %d %"IVdf" %"IVdf"\n",
s, PL_tainted, uid, euid));
}
"%s %d %"IVdf" %"IVdf"\n",
s, PL_tainted, uid, euid));
}
"IFS", /* most shells' inter-field separators */
"CDPATH", /* ksh dain bramage #1 */
"ENV", /* ksh dain bramage #2 */
"IFS", /* most shells' inter-field separators */
"CDPATH", /* ksh dain bramage #1 */
"ENV", /* ksh dain bramage #2 */
* it probably doesn't reflect the actual environment */
if (!GvHV(PL_envgv) || !(SvRMAGICAL(GvHV(PL_envgv))
&& mg_find((SV*)GvHV(PL_envgv), PERL_MAGIC_env))) {
* it probably doesn't reflect the actual environment */
if (!GvHV(PL_envgv) || !(SvRMAGICAL(GvHV(PL_envgv))
&& mg_find((SV*)GvHV(PL_envgv), PERL_MAGIC_env))) {
- (void)sprintf(name,"DCL$PATH;%d", i);
- svp = hv_fetch(GvHVn(PL_envgv), name, strlen(name), FALSE);
+ len = my_sprintf(name,"DCL$PATH;%d", i);
+ svp = hv_fetch(GvHVn(PL_envgv), name, len, FALSE);
- STRLEN n_a;
- bool was_tainted = PL_tainted;
- char *t = SvPV(*svp, n_a);
- char *e = t + n_a;
+ STRLEN len;
+ const bool was_tainted = PL_tainted;
+ const char *t = SvPV_const(*svp, len);
+ const char * const e = t + len;
- svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE);
+ SV * const * const svp = hv_fetch(GvHVn(PL_envgv), *e, strlen(*e), FALSE);
if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) {
TAINT;
taint_proper("Insecure $ENV{%s}%s", *e);
}
}
}
if (svp && *svp != &PL_sv_undef && SvTAINTED(*svp)) {
TAINT;
taint_proper("Insecure $ENV{%s}%s", *e);
}
}
}