Re: [perl #39733] $AUTOLOAD is never tainted

Message-ID: <20060709190150.GA1922@localhost.localdomain>

Plus a note in perldelta

p4raw-id: //depot/perl@28649

diff --git a/gv.c b/gv.c
index 4187c18..da6b2ad 100644 (file)
--- a/gv.c
+++ b/gv.c
@@ -654,7 +654,6 @@ Perl_gv_autoload4(pTHX_ HV *stash, const char *name, STRLEN len, I32 method)
     sv_setpvn(varsv, packname, packname_len);
     sv_catpvs(varsv, "::");
     sv_catpvn(varsv, name, len);
-    SvTAINTED_off(varsv);
     return gv;
 }
 

diff --git a/pod/perl594delta.pod b/pod/perl594delta.pod
index ef374ee..a6b92b6 100644 (file)
--- a/pod/perl594delta.pod
+++ b/pod/perl594delta.pod
@@ -27,6 +27,11 @@ file. (This trick is used by Pugs.)
 The special arrays C<@-> and C<@+> are no longer interpolated in regular
 expressions.
 
+=head2 $AUTOLOAD can now be tainted
+
+If you call a subroutine by a tainted name, and if it defers to an
+AUTOLOAD function, then $AUTOLOAD will be (correctly) tainted.
+
 =head1 Core Enhancements
 
 =head2 state() variables

diff --git a/t/op/taint.t b/t/op/taint.t
index 03bcc65..8311690 100755 (executable)
--- a/t/op/taint.t
+++ b/t/op/taint.t
@@ -17,7 +17,7 @@ use Config;
 use File::Spec::Functions;
 
 BEGIN { require './test.pl'; }
-plan tests => 249;
+plan tests => 251;
 
 $| = 1;
 
@@ -1185,3 +1185,22 @@ SKIP:
        test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check';
     }
 }
+
+{
+    package AUTOLOAD_TAINT;
+    sub AUTOLOAD {
+        our $AUTOLOAD;
+        return if $AUTOLOAD =~ /DESTROY/;
+        if ($AUTOLOAD =~ /untainted/) {
+            main::ok(!main::tainted($AUTOLOAD), '$AUTOLOAD can be untainted');
+        } else {
+            main::ok(main::tainted($AUTOLOAD), '$AUTOLOAD can be tainted');
+        }
+    }
+
+    package main;
+    my $o = bless [], 'AUTOLOAD_TAINT';
+    $o->$TAINT;
+    $o->untainted;
+}
+