Change 17516 by rgs@rgs-home on 2002/07/13 11:28:01
The warning "Use of tainted arguments in %s is deprecated"
was incorrectly reported whenever system or exec was
invoked with multiple arguments.
Affected files ...
.... //depot/perl/pod/perldiag.pod#308 edit
.... //depot/perl/pp_sys.c#312 edit
.... //depot/perl/t/op/taint.t#48 edit
Differences ...
==== //depot/perl/pod/perldiag.pod#308 (text) ====
Index: perl/pod/perldiag.pod
--- perl/pod/perldiag.pod#307~17475~ Wed Jul 10 16:36:37 2002
+++ perl/pod/perldiag.pod Sat Jul 13 04:28:01 2002
@@ -4166,7 +4166,7 @@
=item Use of tainted arguments in %s is deprecated
-(W taint) You have supplied C<system()> or C<exec()> with multiple
+(W taint, deprecated) You have supplied C<system()> or C<exec()> with multiple
arguments and at least one of them is tainted. This used to be allowed
but will become a fatal error in a future version of perl. Untaint your
arguments. See L<perlsec>.
==== //depot/perl/pp_sys.c#312 (text) ====
Index: perl/pp_sys.c
--- perl/pp_sys.c#311~17235~ Fri Jun 14 04:09:07 2002
+++ perl/pp_sys.c Sat Jul 13 04:28:01 2002
@@ -4049,18 +4049,21 @@
I32 did_pipes = 0;
if (PL_tainting) {
+ int some_arg_tainted = 0;
TAINT_ENV();
while (++MARK <= SP) {
(void)SvPV_nolen(*MARK); /* stringify for taint check */
- if (PL_tainted)
+ if (PL_tainted) {
+ some_arg_tainted = 1;
break;
+ }
}
MARK = ORIGMARK;
/* XXX Remove warning at end of deprecation cycle --RD 2002-02 */
if (SP - MARK == 1) {
TAINT_PROPER("system");
}
- else if (ckWARN2(WARN_TAINT, WARN_DEPRECATED)) {
+ else if (some_arg_tainted && ckWARN2(WARN_TAINT, WARN_DEPRECATED)) {
Perl_warner(aTHX_ packWARN2(WARN_TAINT, WARN_DEPRECATED),
"Use of tainted arguments in %s is deprecated", "system");
}
@@ -4175,18 +4178,21 @@
STRLEN n_a;
if (PL_tainting) {
+ int some_arg_tainted = 0;
TAINT_ENV();
while (++MARK <= SP) {
(void)SvPV_nolen(*MARK); /* stringify for taint check */
- if (PL_tainted)
+ if (PL_tainted) {
+ some_arg_tainted = 1;
break;
+ }
}
MARK = ORIGMARK;
/* XXX Remove warning at end of deprecation cycle --RD 2002-02 */
if (SP - MARK == 1) {
TAINT_PROPER("exec");
}
- else if (ckWARN2(WARN_TAINT, WARN_DEPRECATED)) {
+ else if (some_arg_tainted && ckWARN2(WARN_TAINT, WARN_DEPRECATED)) {
Perl_warner(aTHX_ packWARN2(WARN_TAINT, WARN_DEPRECATED),
"Use of tainted arguments in %s is deprecated", "exec");
}
==== //depot/perl/t/op/taint.t#48 (xtext) ====
Index: perl/t/op/taint.t
--- perl/t/op/taint.t#47~16257~ Sun Apr 28 13:26:30 2002
+++ perl/t/op/taint.t Sat Jul 13 04:28:01 2002
@@ -124,7 +124,7 @@
my $TEST = catfile(curdir(), 'TEST');
-print "1..203\n";
+print "1..205\n";
# First, let's make sure that Perl is checking the dangerous
# environment variables. Maybe they aren't set yet, so we'll
@@ -452,7 +452,7 @@
test 87, $@ eq '', $@;
}
else {
- for (86..87) { print "ok $_ # Skipped: this is not VMS\n"; }
+ for (86..87) { print "ok $_ # Skipped: This is not VMS\n"; }
}
}
@@ -957,12 +957,17 @@
test 194, eval { system $TAINT, $TAINT } eq '', 'system';
test 195, $@ =~ $err, $@;
- test 196, eval { system $TAINT $TAINT } eq '', 'exec';
+ test 196, eval { system $TAINT $TAINT } eq '', 'system';
test 197, $@ =~ $err, $@;
- test 198, eval { system $TAINT $TAINT, $TAINT } eq '', 'exec';
+ test 198, eval { system $TAINT $TAINT, $TAINT } eq '', 'system';
test 199, $@ =~ $err, $@;
- test 200, eval { system $TAINT 'notaint' } eq '', 'exec';
+ test 200, eval { system $TAINT 'notaint' } eq '', 'system';
test 201, $@ =~ $err, $@;
- test 202, eval { system {'notaint'} $TAINT } eq '', 'exec';
+ test 202, eval { system {'notaint'} $TAINT } eq '', 'system';
test 203, $@ =~ $err, $@;
+
+ eval { system("lskdfj does not exist","with","args"); };
+ test 204, $@ eq '';
+ eval { exec("lskdfj does not exist","with","args"); };
+ test 205, $@ eq '';
}
End of Patch.
