This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a62c8c) | patch
fix tainting of s/// with overloaded replacement
authorZefram <zefram@fysh.org>
Sun, 19 Nov 2017 09:15:53 +0000 (09:15 +0000)
committerZefram <zefram@fysh.org>
Sun, 19 Nov 2017 09:22:17 +0000 (09:22 +0000)
commitc4f4b223e71713a6e8ae2141274c91f4ce821405
tree677bb0f923e789615d262d63fbb59d3c4a5d46d4tree | snapshot
parent2a62c8c9d9eee8648a81ba731c18be302e19dc4bcommit | diff
fix tainting of s/// with overloaded replacement

The substitution code was trying to track the taintedness of the
replacement string itself, but it didn't account for the replacement
being an untainted object with overloading that returns a tainted
stringification.  It looked at the taintedness of the object value, not
realising that taint could arise during the string concatenation per se.
Change the taint checks to look at the actual TAINT_get flag after string
concatenation.  This may falsely ascribe to the replacement taint that
actually came from somewhere else, but the end result is the same anyway:
there's no visible behaviour that distinguishes taint specifically from
the replacement.  Also remove a related taint check that seems to be
not needed at all.  Fixes [perl #115266].
pod/perldelta.pod diff | blob | blame | history
pp_ctl.c diff | blob | blame | history
pp_hot.c diff | blob | blame | history
t/op/taint.t diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.