Taint functions and $1
Frédéric Buclin
LpSolit at gmail.com
Thu Jun 16 19:14:18 UTC 2005
Christian Robottom Reis wrote:
> I'm not a Perl wizard, and therefore running into
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=297928
>
> was a surprise for me today. Moral of the story: don't rely on the
> value of $1 if the match for something failed; failed matches don't
> reset $1. Code that does
>
> $foo =~ /(\d+)/;
> $bar = $1;
>
> is buggy for the same reason.
Bug 297928: detaint_natural, detaint_signed and trick_taint shouldn't
rely on $1
FIXED on the trunk, 2.18 and 2.16 branches!
Tip:
Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v <-- Util.pm
new revision: 1.28; previous revision: 1.27
done
2.18.1:
Checking in Bugzilla/Util.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Util.pm,v <-- Util.pm
new revision: 1.12.2.4; previous revision: 1.12.2.3
done
2.16.10:
Checking in globals.pl;
/cvsroot/mozilla/webtools/bugzilla/globals.pl,v <-- globals.pl
new revision: 1.169.2.30; previous revision: 1.169.2.29
done
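
The behaviour described in the quoted message, as an added example that is not part of the original post and is not the code from Bugzilla/Util.pm. The helper names `natural_unchecked` and `natural_checked` and the sample inputs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers; not the Bugzilla implementation.

# Unsafe pattern: the result of the match is ignored. When the match fails,
# $1 still holds the capture from the last successful match visible in the
# current dynamic scope, which may belong to the caller.
sub natural_unchecked {
    my ($value) = @_;
    $value =~ /^(\d+)$/;
    my $captured = $1;
    return $captured;
}

# Safe pattern: read $1 only when this particular match succeeded.
sub natural_checked {
    my ($value) = @_;
    return $value =~ /^(\d+)$/ ? $1 : undef;
}

# The caller performs an unrelated, successful match first. From here on,
# $1 is set for the rest of this scope, including subs called from it.
'bug_id=1001' =~ /^bug_id=(\d+)$/
    or die "constructed setup match unexpectedly failed\n";

# Constructed inputs: one valid natural number and three invalid values.
my @inputs = ('42', '12abc', '-3', '');

for my $input (@inputs) {
    my $unchecked = natural_unchecked($input);
    my $checked   = natural_checked($input);
    printf "input=%-8s unchecked=%-6s checked=%s\n",
        "'$input'",
        defined $unchecked ? $unchecked : 'undef',
        defined $checked   ? $checked   : 'undef';
}
```

For the three invalid inputs the unchecked helper returns the caller's stale capture as if it had been validated, while the checked helper returns undef.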