On Mon, 20 Oct 2003, Michael G Schwern wrote:

> On Tue, Oct 21, 2003 at 12:24:03AM -0500, Dave Rolsky wrote:
> > On Mon, 20 Oct 2003, Andrew Savige wrote:
> > > I noticed in Test::Tutorial:
> > > "Taint mode is a funny thing. It's the globalest of all global features.
> > > Once you turn it on it affects all code in your program and all modules
> > > used (and all the modules they use). If a single piece of code isn't
> > > taint clean, the whole thing explodes. With that in mind, it's very
> > > important to ensure your module works under taint mode."
> >
> > Not to mention that it's buggy as hell. For example, in various versions
> > of Perl I've used there have been rather serious bugs in the regex engine
> > when taint mode is on, even when dealing with untainted variables!
>
> I've never hit anything like this. Do you have examples?

Well, one example comes from my Params::Validate module, where I have this
little bit of XS:

    while (he = hv_iternext(p)) {
        /* This may be related to bug #7387 on bugs.perl.org */
    #if (PERL_VERSION == 5)
        if (! PL_tainting)
    #endif
            SvGETMAGIC(HeVAL(he));

Whee, a random taint related bug.

Then there was the time I found that pos() didn't get updated inside
s/\G...//gc matches when taint mode was on, for certain versions of Perl
working with some strings (but not others). I don't think this bug exists
in the current version any more. I could never reproduce this in a concise
example, unfortunately.

Anyway, my taint mode experience has been that random things break in very
weird ways when using it.

-dave

/*=======================
House Absolute Consulting
www.houseabsolute.com
=======================*/