comment on

To make them safe for what? Most most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

Safe to use in qx//; in taint mode Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use and they need to be untainted to prevent the 'insecure dependency' error.

I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really buying me anything here without additional checking.

Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

--
જલધર

In reply to Re^4: One true regexp for untainting windows filenames? by jaldhar
in thread One true regexp for untainting windows filenames? by jaldhar

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Pathologically Eclectic Rubbish Lister
	PerlMonks