my $remote = $ENV{REMOTE_ADDR};
return(0) unless grep /$remote/, @$hosts;
No, because the point is that you're using
a regex where you want an exact match, and it's not
anchored either!
This is better:
my $remote = $ENV{REMOTE_ADDR};
return 0 unless grep $remote eq $_, @$hosts;
wouldn't taint have caught this? He's trusting user supplied data (DNS name) in an unsafe way.
No, because simply doing a regex match isn't considered
"external" enough for tainted data to abort it.
-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.