Perl Monk, Perl Meditation | |
PerlMonks |
Current Perl documentation can be found at perldoc.perl.org.
Here is our local, out-dated (pre-5.6) version:
See Laundering and Detecting Tainted Data. Here's an example (which doesn't use any system calls, because the
kill()
is given no processes to
signal):
sub is_tainted { return ! eval { join('',@_), kill 0; 1; }; }
This is not -w
clean, however. There is no -w
clean way to detect taintedness - take this as a hint that you should
untaint all possibly-tainted data.