From: Jonathan S. <gel...@ge...> - 2002-01-13 18:50:12
On Sun, 13 Jan 2002, Nick Cleaton wrote:
> On Sun, Jan 13, 2002 at 01:29:03PM +0000, Jonathan Stowe wrote:
> > On Fri, 11 Jan 2002, Joseph F. Ryan wrote:
> >
> > > Hmmm, I had originally taken the taint switch off in simple search for that
> > > reason. I wonder how it found its way back in? :)
> >
> > Er, because that isn't the right solution to the problem ;-} I think that
> > the use of -T is stated in the ground rules, if the File::Find that comes
> > with older Perls can't take it then we will have to find something else to
> > use - Is it possible (or indeed desirable) to wrap the find() in $^T = 0;
> > ... $^T = 1; as long as we are content that everything our code is
> > passing to find() is no longer tainted ?
>
> IMO '$^T = 0;' is a bad, bad thing.
>
But if we already trust all of our inputs ... File::Find is getting
worried because it doesn't believe it can trust the directory names ...

> I'd much sooner fall back to using readdir.
>

We will still have the same problem :)

OK. Then we should do our best to mollify taint as far as File::Find is
concerned, then eval {} the find() and then fall back to our own version
on a $@ ? I have the code for one somewhere I think ...

/J\
--
Jonathan Stowe |
<http://www.gellyfish.com> | This space for rent
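
An added sketch of the approach proposed in the message above (not code from this thread or from the project): let File::Find untaint directory names itself, eval {} the find(), and fall back to a readdir walk if it dies. The name list_files and both patterns are assumptions, the untaint options are those documented for File::Find, and $root is assumed to be untainted already.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Find ();

# Hypothetical helper: return the plain files under $root while running with -T.
sub list_files {
    my ($root) = @_;
    my @found;

    # First choice: File::Find with its documented untaint options.
    my $ok = eval {
        File::Find::find(
            {
                wanted          => sub { push @found, $File::Find::name if -f $_ },
                untaint         => 1,
                untaint_pattern => qr{^([-\w./]+)$},  # assumed conservative allow-list
                untaint_skip    => 1,                 # skip odd directory names, don't die
            },
            $root,
        );
        1;
    };
    return sort @found if $ok;

    # find() died (for example "Insecure dependency"): walk with readdir instead.
    warn "File::Find failed, falling back to readdir: $@";
    @found = ();                                      # discard partial results
    my @queue = ($root);
    while (defined(my $dir = shift @queue)) {
        opendir(my $dh, $dir) or next;
        my @names = readdir $dh;
        closedir $dh;
        for my $name (@names) {
            next if $name eq '.' or $name eq '..';
            # readdir results are tainted; untaint by capture, skip anything unusual
            my ($clean) = $name =~ m{^([-\w.]+)$} or next;
            my $path = "$dir/$clean";
            if    (-l $path) { next }                 # never follow symlinks
            elsif (-d _)     { push @queue, $path }
            elsif (-f _)     { push @found, $path }
        }
    }
    return sort @found;
}

print "$_\n" for list_files('.');
```

Taint checking stays on throughout; names that fail either pattern are skipped rather than trusted.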