Nicholas Clark wrote:
> On Tue, Oct 24, 2006 at 08:08:45PM -0400, Christopher H. Laco wrote:
>
>> With most modules, I agree. But with utility modules like
>> Module::Pluggable, File::Find::Recursive, etc, not working under taint
>
> I'd be surprised if the author of Module::Pluggable wasn't open to patches
> to fix this.
>
> Nicholas Clark
>

:-)

> 2005-07-09 - 2.9 More Tainting fixes
> Patches from Christopher H. Laco and Joe McMahon to do more taint fixing

I used that module as an example.

I agree with jrockway in that some things can't be pre-untainted; things like CGI/HTTP request params. But modules that don't untaint .* should provide something like File::Find's untaint_pattern instead.

I'm a firm believer that everyone should run tests under -T. What use is the vast reusability of CPAN if nothing runs under -T and the user's script/server runs under -T? People are forced to either a) not reuse CPAN modules or b) write their own or c) run a local patched version... all defeating the purpose.

I think planning and testing your modules under -T is just being a good CPANizen; just like warnings/strict and writing pod.

-=Chris
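
Added example, not part of the original message or of any CPAN module: a sketch of the interface the message argues for, where a module untaints names through a caller-overridable allow-list pattern modelled on File::Find's untaint_pattern and untaint_skip options instead of .*. The helper untaint_name and the sample names are hypothetical.

```perl
# Run as: perl -T untaint_demo.pl   (the file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this under -T\n" unless ${^TAINT};

# Same shape as File::Find's documented default untaint_pattern: an
# allow-list of characters, anchored at both ends, with one capture group.
my $DEFAULT_PATTERN = qr|^([-+@\w./]+)$|;

# Hypothetical helper a utility module could expose. It never untaints with
# (.*); the caller may supply a different pattern, as File::Find allows.
sub untaint_name {
    my ($name, %opt) = @_;
    my $pattern = $opt{untaint_pattern} || $DEFAULT_PATTERN;
    return $name unless tainted($name);
    if ($name =~ $pattern and defined $1) {
        return $1;                   # text captured by a fixed pattern is untainted
    }
    return if $opt{untaint_skip};    # like File::Find's untaint_skip: skip the entry
    die "name does not match the untaint pattern\n";   # default: refuse to continue
}

# Constructed sample input: appending a zero-length piece of $^X, which is
# tainted under -T, taints each name without changing its characters.
my $taint = substr($^X, 0, 0);
my @names = map { $_ . $taint }
    ('lib/My/Plugin.pm', 'odd;name.txt', 'notes v2.txt');

for my $name (@names) {
    my $clean = untaint_name($name, untaint_skip => 1);
    printf "%-18s default pattern: %s\n",
        $name, defined $clean ? 'untainted' : 'skipped';
}

# A caller that legitimately has spaces in names widens the allow-list
# itself; the module still never falls back to (.*).
my $clean = untaint_name($names[2], untaint_pattern => qr|^([-+@\w./ ]+)$|);
print "custom pattern:    ", (tainted($clean) ? 'tainted' : 'untainted'), "\n";
```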