Checking if $^X is a valid file name doesn't make it safe. You might as well use /(.*)/s.
On the plus side, there doesn't appear to be any reason for $^X to be tainted in Windows.
use Win32::Process;
sub ErrorReport{
print Win32::FormatMessage( Win32::GetLastError() );
}
Win32::Process::Create(
my $child,
'c:\\progs\\perl5100\\bin\\perl.exe',
'evil -le"print $^X"',
0,
NORMAL_PRIORITY_CLASS,
"."
)
or die ErrorReport();
$child->Wait(INFINITE);
c:\progs\perl5100\bin\perl.exe
If you trust the perl you are running, then it looks like $^X is safe.
If you don't trust the perl you are running, then it doesn't matter if $^X safe or not.
By the way,
everything that matches qr{^[^/\0]+\z} is a valid file name in unix,
and everything that matches qr{^[^\0]+\z} is a valid file path in unix.
I don't know where you got qr{ (\A[- + @ [:word:] . / ]+)\z }x from.