Perrin Harkins wrote:
On 3/28/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Keep taint mode on in dev, so you can identify your issues in
> development, then turn it off in prod.

Is that actually the generally recommended approach?

It's hard to know for sure that you've tried every code path in dev,
even if you do use coverage analysis.


Here's the bit that's causing the issue...

        # DON'T LOOK NOW! - blindly untainting can make you go blind!
        $block =~ /(.*)/s;
        $block = $1;

        $block = eval $block;

That's a little bit nasty, but perfectly valid. $block is coming from a document containing some sort of code, I think. I didn't dig too deep.

You could add:

         warn "BLOCK: $block\n";

just above the eval, which will log all the "blocks" that are being eval'd to figure out which one is giving you the trouble.

Rob
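
An added example, not part of the original message: run under `perl -T`, it contrasts the `/(.*)/s` untaint quoted above with a pattern that validates what it captures. The sample blocks and the integer-arithmetic allowlist are assumptions, since the thread does not say what `$block` contains.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample blocks. Appending a zero-length slice of $^X (which is
# tainted under -T) taints each string, as if it had been read from a document.
my $taint  = substr($^X, 0, 0);
my @blocks = map { $_ . $taint } ('2 * (3 + 4)', 'print "unexpected code"');

# The pattern from the message: it matches anything, so it only clears the flag.
sub untaint_blind {
    my ($block) = @_;
    $block =~ /(.*)/s;
    return $1;
}

# Hypothetical allowlist: integer arithmetic only. Anything else is rejected.
sub untaint_checked {
    my ($block) = @_;
    return $block =~ /\A([0-9+\-*() ]+)\z/ ? $1 : undef;
}

for my $block (@blocks) {
    print "BLOCK: $block\n";
    print "  tainted on arrival:  ", (tainted($block) ? "yes" : "no"), "\n";

    # Taint mode refuses a string eval of tainted data.
    my $err;
    eval { my $v = eval $block; $err = $@; 1 } or $err = $@;
    print "  eval while tainted:  ",
        ($err =~ /^Insecure dependency/ ? "refused" : "allowed"), "\n";

    # The blind pattern clears the flag for both blocks (not evaluated here).
    my $blind = untaint_blind($block);
    print "  after blind untaint: ", (tainted($blind) ? "tainted" : "clean"), "\n";

    # The allowlist clears it only for the block that fits the grammar.
    my $checked = untaint_checked($block);
    if (defined $checked) {
        print "  allowlist: accepted, result = ", eval($checked), "\n";
    } else {
        print "  allowlist: rejected, not evaluated\n";
    }
}
```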
