X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2Fre.pm;h=b7375e3e71f0f319065248bb798da5888720f7fd;hb=e4d48cc9bddb8984cf12bdfbcbac9580d192b5a5;hp=ff38c41286c85d1e22f9baaa305d179c9c9ac740;hpb=06b3afcdfc1f3e17cec01aa39ec73f3f3165a28e;p=p5sagit%2Fp5-mst-13.2.git diff --git a/lib/re.pm b/lib/re.pm index ff38c41..b7375e3 100644 --- a/lib/re.pm +++ b/lib/re.pm @@ -6,26 +6,42 @@ re - Perl pragma to alter regular expression behaviour =head1 SYNOPSIS - ($x) = ($^X =~ /^(.*)$/s); # $x is not tainted here + use re 'taint'; + ($x) = ($^X =~ /^(.*)$/s); # $x is tainted here - use re "taint"; - ($x) = ($^X =~ /^(.*)$/s); # $x _is_ tainted here + use re 'eval'; + /foo(?{ $foo = 1 })bar/; # won't fail (when not under -T switch) + + { + no re 'taint'; # the default + ($x) = ($^X =~ /^(.*)$/s); # $x is not tainted here + + no re 'eval'; # the default + /foo(?{ $foo = 1 })bar/; # disallowed (with or without -T switch) + } =head1 DESCRIPTION When C is in effect, and a tainted string is the target of a regex, the regex memories (or values returned by the m// operator -in list context) are tainted. +in list context) are tainted. This feature is useful when regex operations +on tainted data aren't meant to extract safe substrings, but to perform +other transformations. -This feature is useful when regex operations on tainted data aren't -meant to extract safe substrings, but to perform other transformations. +When C is in effect, a regex is allowed to contain +C<(?{ ... })> zero-width assertions (which may not be interpolated in +the regex). That is normally disallowed, since it is a potential security +risk. Note that this pragma is ignored when perl detects tainted data, +i.e. evaluation is always disallowed with tainted data. See +L. See L. =cut my %bitmask = ( -taint => 0x00100000 +taint => 0x00100000, +eval => 0x00200000, ); sub bits {
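Review bot: the SYNOPSIS and DESCRIPTION in this hunk give two different conditions for when `use re 'eval'` has no effect. The synopsis comment says `# won't fail (when not under -T switch)`, while the new DESCRIPTION paragraph says the pragma "is ignored when perl detects tainted data". Running under -T and having tainted data reach the pattern are not the same condition, so a reader cannot tell whether a constant pattern containing `(?{ ... })` is refused under -T. Please state one rule and use the same wording in both places. In the same paragraph, the parenthetical "(which may not be interpolated in the regex)" can be read as either "must not" or "might not"; reword it to say which. The sentence "it is a potential security risk" would also be more useful if it named the risk, since `(?{ ... })` runs Perl code from inside the pattern. A minor point on the synopsis: the comment `# disallowed (with or without -T switch)` sits on a literal pattern with no interpolation, so it is worth confirming that the example matches the case the pragma is meant to gate.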