perlsec: #109408
authorBrian Fraser <fraserbn@gmail.com>
Wed, 1 Feb 2012 02:41:16 +0000 (23:41 -0300)
committerFather Chrysostomos <sprout@cpan.org>
Wed, 27 Jun 2012 15:47:09 +0000 (08:47 -0700)
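--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -134,10 +134,8 @@ For example:
     @files = <*.c>;            # insecure (uses readdir() or similar)
     @files = glob('*.c');      # insecure (uses readdir() or similar)
 
-    # In Perl releases older than 5.6.0 the <*.c> and glob('*.c') would
-    # have used an external program to do the filename expansion; but in
-    # either case the result is tainted since the list of filenames comes
-    # from outside of the program.
+    # In either case, the results of glob are tainted, since the list of
+    # filenames comes from outside of the program.
 
     $bad = ($arg, 23);         # $bad will be tainted
     $arg, `true`;              # Insecure (although it isn't really)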