From: Jarkko Hietaniemi Date: Fri, 12 Apr 2002 13:16:43 +0000 (+0000) Subject: Add a warning about the symbolic methods and X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=7f6513c1071003ae5bc4d38d5816fd7d293c6346;p=p5sagit%2Fp5-mst-13.2.git Add a warning about the symbolic methods and symbolic sub refs not being checked for taint. p4raw-id: //depot/perl@15875 --- diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 53192cb..8616c64 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -54,6 +54,23 @@ mechanism. Arguments to C and C are B checked for taintedness. +=item * + +Symbolic methods + + $obj->$method(@args); + +and symbolic sub references + + &{$foo}(@args); + $foo->(@args); + +are not checked for taintedness. This requires extra carefulness +unless you want external data to affect your control flow. Unless +you carefully limit what these symbolic values are, people are able +to call functions B your Perl code, such as POSIX::system, +in which case they are able to run arbitrary external code. + =back The value of an expression containing tainted data will itself be
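Review bot: The closing sentence of the new item tells readers to "carefully limit what these symbolic values are" but gives no way to do it. Consider adding one sentence recommending that the name be checked against a fixed list of permitted names, or looked up in a hash of code references, before `$obj->$method(@args)` or `&{$foo}(@args)` is reached. It would also help to say that `$foo->(@args)` is only a symbolic call when `$foo` holds a name string rather than a code reference, and that `use strict 'refs'` rejects the two sub-reference forms with a string but does not stop `$obj->$method`, so the method case needs the explicit check even in strict code. Minor wording: "extra carefulness" reads better as "extra care".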