From: Nick C. <ni...@cl...> - 2002-01-13 22:22:59
On Sun, Jan 13, 2002 at 06:49:44PM +0000, Jonathan Stowe wrote:
> >
> > IMO '$^T = 0;' is a bad, bad thing.
>
> But if we already trust all of our inputs ... File::Find is getting
> worried because it doesn't believe it can trust the directory names ...
I still don't like turning off taint checking, even for little
bits of the code. It makes me cringe.
> > I'd much sooner fall back to using readdir.
> >
>
> We will still have the same problem :)
If we do the find ourselves using readdir, we can detaint the
return values from readdir and Cwd::cwd() before passing them
to chdir (as File::Find can be made to do in later versions)
or just avoid the issue by not using chdir (like post 5.6
File::Find with the no_chdir option).
> OK. Then we should do our best to mollify taint as far as File::Find is
> concerned, then eval {} the find() and then fall back to our own version
> on a $@ ? I have the code for one somewhere I think ...
That'd work.
--
Nick
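
The readdir-based fallback discussed in this message, as an added example (not code from the original post or from the project): it walks a tree without chdir and untaints each name returned by readdir through a regex capture. The names `untaint_name` and `find_nochdir` and the allowed character set are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Untaint one directory entry. Under -T everything readdir returns is
# tainted; only a regex capture clears the flag. The accepted character
# set is an assumption for this example: widen it deliberately, never
# with a catch-all such as /(.*)/.
sub untaint_name {
    my ($name) = @_;
    return $name =~ /\A([\w.+-]+)\z/ ? $1 : undef;
}

# Hypothetical helper: walk $top without ever calling chdir and invoke
# $wanted->($path) for each entry. $top must already be untainted.
sub find_nochdir {
    my ($top, $wanted) = @_;
    my @queue = ($top);
    while (defined(my $dir = shift @queue)) {
        my $dh;
        unless (opendir($dh, $dir)) {
            warn "opendir $dir: $!\n";
            next;
        }
        my @entries = readdir $dh;
        closedir $dh;
        for my $entry (sort @entries) {
            next if $entry eq '.' or $entry eq '..';
            my $clean = untaint_name($entry);
            unless (defined $clean) {
                warn "skipping unexpected name in $dir\n";
                next;
            }
            my $path = "$dir/$clean";
            $wanted->($path);
            # Descend into real directories only, never through symlinks.
            push @queue, $path if !-l $path && -d $path;
        }
    }
    return;
}

# The literal '.' is untainted, so no Cwd::cwd() value is needed here.
find_nochdir('.', sub { print "$_[0]\n" });
```

Run it as `perl -T script.pl`; paths handed to the callback are untainted, so they can later be passed to taint-checked operations such as unlink or open for writing.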