Clear questions and runnable code get the best and fastest answer |
|
PerlMonks |
Re: Taint checking?by graff (Chancellor) |
on Jul 02, 2009 at 04:04 UTC ( [id://776630]=note: print w/replies, xml ) | Need Help?? |
Well, since there is no "s" modifier on the regex, it is at least But if the whole script were in my hands, the next thing I would do would be to search for occurrences/uses of $command_str outside (following) that if block, because any such occurrence/usage could be getting a still-tainted value (in the case where that "if" condition wasn't met). (Update: and then, of course, I would also look very carefully at how this variable is being used inside that "if" block.)
In Section
Seekers of Perl Wisdom
|
|