From: Chip Salzenberg <chip@perl.com>
Date: Wed, 19 Feb 1997 21:58:01 +0000 (+1200)
Subject: Don't taint $x in C<$x = ($tainted =~ /(\w+)/)>
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=9212bbba480c82a883da56c53e3d103dc36aa284;p=p5sagit%2Fp5-mst-13.2.git

Don't taint $x in C<$x = ($tainted =~ /(\w+)/)>
---

diff --git a/pp_ctl.c b/pp_ctl.c
index a667986..c70375b 100644
--- a/pp_ctl.c
+++ b/pp_ctl.c
@@ -123,6 +123,8 @@ PP(pp_substcont)
 	    SV *targ = cx->sb_targ;
 	    sv_catpvn(dstr, s, cx->sb_strend - s);
 
+	    TAINT_IF(cx->sb_rxtainted || rx->exec_tainted);
+
 	    (void)SvOOK_off(targ);
 	    Safefree(SvPVX(targ));
 	    SvPVX(targ) = SvPVX(dstr);
@@ -133,8 +135,7 @@ PP(pp_substcont)
 
 	    (void)SvPOK_only(targ);
 	    SvSETMAGIC(targ);
-	    if (cx->sb_rxtainted)
-		SvTAINTED_on(targ);
+	    SvTAINT(targ);
 	    PUSHs(sv_2mortal(newSViv((I32)cx->sb_iters - 1)));
 	    LEAVE_SCOPE(cx->sb_oldsave);
 	    POPSUBST(cx);
diff --git a/pp_hot.c b/pp_hot.c
index 44981b7..59aec4f 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -781,6 +781,7 @@ PP(pp_match)
     strend = s + len;
     if (!s)
 	DIE("panic: do_match");
+    TAINT_NOT;
 
     if (pm->op_pmflags & PMf_USED) {
 	if (gimme == G_ARRAY)
@@ -868,10 +869,10 @@ play_it_again:
     /*NOTREACHED*/
 
   gotcha:
+    TAINT_IF(rx->exec_tainted);
     if (gimme == G_ARRAY) {
 	I32 iters, i, len;
 
-	TAINT_IF(rx->exec_tainted);
 	iters = rx->nparens;
 	if (global && !iters)
 	    i = 1;
@@ -919,6 +920,7 @@ play_it_again:
     }
 
 yup:
+    TAINT_IF(rx->exec_tainted);
     ++BmUSEFUL(pm->op_pmshort);
     curpm = pm;
     if (pm->op_pmflags & PMf_ONCE)
@@ -949,6 +951,7 @@ nope:
 	++BmUSEFUL(pm->op_pmshort);
 
 ret_no:
+    TAINT_IF(rx->exec_tainted);		/* /\W/ */
     LEAVE_SCOPE(oldsave);
     if (gimme == G_ARRAY)
 	RETURN;
@@ -1396,6 +1399,7 @@ PP(pp_subst)
     s = SvPV(TARG, len);
     if (!SvPOKp(TARG) || SvREADONLY(TARG) || (SvTYPE(TARG) == SVt_PVGV))
 	force_on_match = 1;
+    TAINT_NOT;
 
   force_it:
     if (!pm || !s)
@@ -1456,6 +1460,7 @@ PP(pp_subst)
     if (c && clen <= rx->minlen) {
 	if (! pregexec(rx, s, strend, orig, 0,
 		       SvSCREAM(TARG) ? TARG : Nullsv, safebase)) {
+	    TAINT_IF(rx->exec_tainted);
 	    PUSHs(&sv_no);
 	    LEAVE_SCOPE(oldsave);
 	    RETURN;
@@ -1507,6 +1512,7 @@ PP(pp_subst)
 	    else {
 		sv_chop(TARG, d);
 	    }
+	    TAINT_IF(rxtainted);
 	    PUSHs(&sv_yes);
 	}
 	else {
@@ -1534,12 +1540,12 @@ PP(pp_subst)
 		SvCUR_set(TARG, d - SvPVX(TARG) + i);
 		Move(s, d, i+1, char);		/* include the NUL */
 	    }
+	    TAINT_IF(rxtainted);
 	    PUSHs(sv_2mortal(newSViv((I32)iters)));
 	}
 	(void)SvPOK_only(TARG);
 	SvSETMAGIC(TARG);
-	if (rxtainted)
-	    SvTAINTED_on(TARG);
+	SvTAINT(TARG);
 	LEAVE_SCOPE(oldsave);
 	RETURN;
     }
@@ -1582,6 +1588,8 @@ PP(pp_subst)
 	} while (pregexec(rx, s, strend, orig, s == m, Nullsv, safebase));
 	sv_catpvn(dstr, s, strend - s);
 
+	TAINT_IF(rxtainted);
+
 	(void)SvOOK_off(TARG);
 	Safefree(SvPVX(TARG));
 	SvPVX(TARG) = SvPVX(dstr);
@@ -1592,12 +1600,13 @@ PP(pp_subst)
 
 	(void)SvPOK_only(TARG);
 	SvSETMAGIC(TARG);
-	if (rxtainted)
-	    SvTAINTED_on(TARG);
+	SvTAINT(TARG);
 	PUSHs(sv_2mortal(newSViv((I32)iters)));
 	LEAVE_SCOPE(oldsave);
 	RETURN;
     }
+
+    TAINT_IF(rx->exec_tainted);
     PUSHs(&sv_no);
     LEAVE_SCOPE(oldsave);
     RETURN;