I'm not sure what to do about the untaint() function. In mp1 it's Apache->untaint and in mp2 it's ModPerl::Util::untaint. This function cheats and turns the tainted variables untainted, without a proper laundering, but it does that fast. We use it internally in things like Registry scripts, to speed up the compilation of scripts, and we know that there couldn't be tainting problems there.

So, since it's not documented in mp1, was it done for the reason of not giving people a bigger gun to shoot a hole faster in their feet, or was it just an omission?

Should this function be considered as an internal API and not be advised as a public function, for its potential danger to whoever touches it?

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
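
Added example (not part of the original message and not mod_perl code): the "proper laundering" the message contrasts with untaint(), shown in plain Perl under taint mode. The helper name `launder_script_name`, the allowed pattern and the sample values are assumptions constructed for illustration.

```perl
# Run with taint mode enabled: perl -T launder.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string. Appending it taints any value, which lets the
# constructed samples below stand in for request data without needing a server.
my $TAINT = substr(join('', $0, $^X, values %ENV), 0, 0);

# Hypothetical helper: proper laundering. Taint is cleared only on the text
# captured by a successful match, so the value is validated before it is trusted.
sub launder_script_name {
    my ($value) = @_;
    return $1 if $value =~ /\A([A-Za-z0-9_]+\.pl)\z/;
    return;    # no match: nothing is returned, the input stays tainted
}

# Constructed sample inputs: one well-formed name, two that fail validation.
for my $raw ('report.pl', '../report.pl', 'report.pl extra') {
    my $input = $raw . $TAINT;    # tainted, as externally supplied data would be
    my $clean = launder_script_name($input);

    my $result = defined $clean
        ? 'accepted, tainted_out=' . (tainted($clean) ? 1 : 0)
        : 'rejected';
    printf "%-16s tainted_in=%d  %s\n", $raw, tainted($input) ? 1 : 0, $result;
}

# A function that only clears the taint flag, as the message describes
# untaint() doing, performs no such match: all three values above would come
# back untainted, including the two this helper rejects.
```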

