From: Rick Delaney Date: Sun, 9 Jul 2006 15:01:50 +0000 (-0400) Subject: Re: [perl #39733] $AUTOLOAD is never tainted X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=5d121f7f3e622b953c8ef74cf9c345d07e4f4ed7;p=p5sagit%2Fp5-mst-13.2.git Re: [perl #39733] $AUTOLOAD is never tainted Message-ID: <20060709190150.GA1922@localhost.localdomain> Plus a note in perldelta p4raw-id: //depot/perl@28649 --- diff --git a/gv.c b/gv.c index 4187c18..da6b2ad 100644 --- a/gv.c +++ b/gv.c @@ -654,7 +654,6 @@ Perl_gv_autoload4(pTHX_ HV *stash, const char *name, STRLEN len, I32 method) sv_setpvn(varsv, packname, packname_len); sv_catpvs(varsv, "::"); sv_catpvn(varsv, name, len); - SvTAINTED_off(varsv); return gv; } diff --git a/pod/perl594delta.pod b/pod/perl594delta.pod index ef374ee..a6b92b6 100644 --- a/pod/perl594delta.pod +++ b/pod/perl594delta.pod @@ -27,6 +27,11 @@ file. (This trick is used by Pugs.) The special arrays C<@-> and C<@+> are no longer interpolated in regular expressions. +=head2 $AUTOLOAD can now be tainted + +If you call a subroutine by a tainted name, and if it defers to an +AUTOLOAD function, then $AUTOLOAD will be (correctly) tainted. + =head1 Core Enhancements =head2 state() variables diff --git a/t/op/taint.t b/t/op/taint.t index 03bcc65..8311690 100755 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -17,7 +17,7 @@ use Config; use File::Spec::Functions; BEGIN { require './test.pl'; } -plan tests => 249; +plan tests => 251; $| = 1; @@ -1185,3 +1185,22 @@ SKIP: test $@ =~ /Insecure \$ENV/, 'popen neglects %ENV check'; } } + +{ + package AUTOLOAD_TAINT; + sub AUTOLOAD { + our $AUTOLOAD; + return if $AUTOLOAD =~ /DESTROY/; + if ($AUTOLOAD =~ /untainted/) { + main::ok(!main::tainted($AUTOLOAD), '$AUTOLOAD can be untainted'); + } else { + main::ok(main::tainted($AUTOLOAD), '$AUTOLOAD can be tainted'); + } + } + + package main; + my $o = bless [], 'AUTOLOAD_TAINT'; + $o->$TAINT; + $o->untainted; +} +