cpan/Encode/t/perlio.t test script
cpan/Encode/t/piconv.t Test for piconv.t
cpan/Encode/t/rt.pl test script
+cpan/Encode/t/taint.t
cpan/Encode/t/unibench.pl benchmark script
cpan/Encode/t/Unicode.t test script
cpan/Encode/t/utf8ref.t test script
'Encode' => {
'MAINTAINER' => 'dankogai',
- 'DISTRIBUTION' => 'DANKOGAI/Encode-2.49.tar.gz',
+ 'DISTRIBUTION' => 'DANKOGAI/Encode-2.51.tar.gz',
'FILES' => q[cpan/Encode],
'UPSTREAM' => 'cpan',
},
# Revision history for Perl extension Encode.
#
-# $Id: Changes,v 2.49 2013/03/05 03:12:49 dankogai Exp dankogai $
+# $Id: Changes,v 2.51 2013/04/29 22:19:11 dankogai Exp dankogai $
#
-$Revision: 2.49 $ $Date: 2013/03/05 03:12:49 $
+$Revision: 2.51 $ $Date: 2013/04/29 22:19:11 $
+! Encode.xs
+ Addressed: Encode.xs doesn't compile with Microsoft C compiler
+ https://rt.cpan.org/Public/Bug/Display.html?id=84920
+! MANIFEST
+ Addressed: t/taint.t missing
+ https://rt.cpan.org/Public/Bug/Display.html?id=84919
+
+2.50 2013/04/26 18:30:46
+! Encode.xs Unicode/Unicode.xs
+ lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm
+ t/taint.t
+ Addressed: Encode::encode and Encode::decode
+ gratuitously launders tainted data
+ Taintedness now propagates as it should.
+ https://rt.cpan.org/Ticket/Display.html?id=84879
+! encoding.pm
+ Addressed: 5.18 deprecation
+ https://rt.cpan.org/Ticket/Display.html?id=84709
+! bin/piconv
+ Applied: Update piconv documentation
+ https://rt.cpan.org/Ticket/Display.html?id=84695
+
+2.49 2013/03/05 03:12:49
! Encode.xs
Addressed: Encoding objects leak memory if decoding fails
https://github.com/dankogai/p5-encode/issues/8
#
-# $Id: Encode.pm,v 2.49 2013/03/05 03:13:47 dankogai Exp dankogai $
+# $Id: Encode.pm,v 2.51 2013/04/29 22:19:11 dankogai Exp dankogai $
#
package Encode;
use strict;
use warnings;
-our $VERSION = sprintf "%d.%02d", q$Revision: 2.49 $ =~ /(\d+)/g;
+our $VERSION = sprintf "%d.%02d", q$Revision: 2.51 $ =~ /(\d+)/g;
use constant DEBUG => !!$ENV{PERL_ENCODE_DEBUG};
use XSLoader ();
XSLoader::load( __PACKAGE__, $VERSION );
=head1 COPYRIGHT
-Copyright 2002-2012 Dan Kogai I<< <dankogai@cpan.org> >>.
+Copyright 2002-2013 Dan Kogai I<< <dankogai@cpan.org> >>.
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
/*
- $Id: Encode.xs,v 2.21 2013/03/05 03:12:49 dankogai Exp dankogai $
+ $Id: Encode.xs,v 2.23 2013/04/29 22:19:11 dankogai Exp dankogai $
*/
#define PERL_NO_GET_CONTEXT
STRLEN tlen = slen;
STRLEN ddone = 0;
STRLEN sdone = 0;
-
/* We allocate slen+1.
PerlIO dumps core if this value is smaller than this. */
SV *dst = sv_2mortal(newSV(slen+1));
STRLEN trmlen = 0;
U8 *trm = term ? (U8*) SvPV(term, trmlen) : NULL;
+ if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */
+
if (offset) {
s += *offset;
if (slen > *offset){ /* safeguard against slen overflow */
SvCUR_set(src, slen);
}
SvUTF8_on(dst);
+ if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */
ST(0) = dst;
XSRETURN(1);
}
}
SvPOK_only(dst);
SvUTF8_off(dst);
+ if (SvTAINTED(src)) SvTAINTED_on(dst); /* propagate taintedness */
ST(0) = dst;
XSRETURN(1);
}
t/perlio.t test script
t/piconv.t test script
t/rt.pl even more test script
+t/taint.t test script
t/unibench.pl benchmark script
t/utf8ref.t test script
t/utf8strict.t test script
"unknown"
],
"dynamic_config" : 1,
- "generated_by" : "ExtUtils::MakeMaker version 6.64, CPAN::Meta::Converter version 2.120921",
+ "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.130880",
"license" : [
"perl_5"
],
}
},
"release_status" : "stable",
- "version" : "2.49"
+ "version" : "2.51"
}
configure_requires:
ExtUtils::MakeMaker: 0
dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 6.64, CPAN::Meta::Converter version 2.120921'
+generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.130880'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
- t
- inc
requires: {}
-version: 2.49
+version: 2.51
/*
- $Id: Unicode.xs,v 2.9 2012/08/05 23:08:49 dankogai Exp $
+ $Id: Unicode.xs,v 2.10 2013/04/26 18:30:46 dankogai Exp $
*/
#define PERL_NO_GET_CONTEXT
*SvEND(str) = '\0';
}
- if (!temp_result)
- shrink_buffer(result);
-
+ if (!temp_result) shrink_buffer(result);
+ if (SvTAINTED(str)) SvTAINTED_on(result); /* propagate taintedness */
XSRETURN(1);
}
*SvEND(utf8) = '\0';
}
- if (!temp_result)
- shrink_buffer(result);
+ if (!temp_result) shrink_buffer(result);
+ if (SvTAINTED(utf8)) SvTAINTED_on(result); /* propagate taintedness */
SvSETMAGIC(utf8);
#!./perl
-# $Id: piconv,v 2.4 2009/07/08 13:34:15 dankogai Exp $
+# $Id: piconv,v 2.5 2013/04/26 18:30:46 dankogai Exp $
#
use 5.8.0;
use strict;
my $message = shift;
$message and print STDERR "$name error: $message\n";
print STDERR <<"EOT";
-$name [-f from_encoding] [-t to_encoding] [-s string] [files...]
+$name [-f from_encoding] [-t to_encoding]
+ [-p|--perlqq|--htmlcref|--xmlcref] [-C N|-c] [-D] [-S scheme]
+ [-s string|file...]
$name -l
$name -r encoding_alias
+$name -h
+Common options:
-l,--list
lists all available encodings
-r,--resolve encoding_alias
-s,--string string
"string" will be the input instead of STDIN or files
The following are mainly of interest to Encode hackers:
- -D,--debug show debug information
-C N | -c check the validity of the input
+ -D,--debug show debug information
-S,--scheme scheme use the scheme for conversion
-Those are handy when you can only see ascii characters:
- -p,--perlqq
- --htmlcref
- --xmlcref
+Those are handy when you can only see ASCII characters:
+ -p,--perlqq transliterate characters missing in encoding to \x{HHHH}
+ where HHHH is the hexadecimal Unicode code point
+ --htmlcref transliterate characters missing in encoding to &#NNN;
+ where NNN is the decimal Unicode code point
+ --xmlcref transliterate characters missing in encoding to &#xHHHH;
+ where HHHH is the hexadecimal Unicode code point
+
EOT
exit;
}
=head1 SYNOPSIS
- piconv [-f from_encoding] [-t to_encoding] [-s string] [files...]
+ piconv [-f from_encoding] [-t to_encoding]
+ [-p|--perlqq|--htmlcref|--xmlcref] [-C N|-c] [-D] [-S scheme]
+ [-s string|file...]
piconv -l
- piconv [-C N|-c|-p]
- piconv -S scheme ...
- piconv -r encoding
- piconv -D ...
+ piconv -r encoding_alias
piconv -h
=head1 DESCRIPTION
piconv converts the character encoding of either STDIN or files
specified in the argument and prints out to STDOUT.
-Here is the list of options. Each option can be in short format (-f)
-or long (--from).
+Here is the list of options. Some options can be in short format (-f)
+or long (--from) one.
=over 4
-=item -f,--from from_encoding
+=item -f,--from I<from_encoding>
Specifies the encoding you are converting from. Unlike B<iconv>,
this option can be omitted. In such cases, the current locale is used.
-=item -t,--to to_encoding
+=item -t,--to I<to_encoding>
Specifies the encoding you are converting to. Unlike B<iconv>,
this option can be omitted. In such cases, the current locale is used.
instead of "cp850", or "winlatin1" for "cp1252". See L<Encode::Supported>
for a full discussion.
+=item -r,--resolve I<encoding_alias>
+
+Resolve I<encoding_alias> to Encode canonical encoding name.
+
=item -C,--check I<N>
Check the validity of the stream if I<N> = 1. When I<N> = -1, something
=item -p,--perlqq
-=item --htmlcref
+Transliterate characters missing in encoding to \x{HHHH} where HHHH is the
+hexadecimal Unicode code point.
-=item --xmlcref
+=item --htmlcref
-Applies PERLQQ, HTMLCREF, XMLCREF, respectively. Try
+Transliterate characters missing in encoding to &#NNN; where NNN is the
+decimal Unicode code point.
- piconv -f utf8 -t ascii --perlqq
+=item --xmlcref
-To see what it does.
+Transliterate characters missing in encoding to &#xHHHH; where HHHH is the
+hexadecimal Unicode code point.
=item -h,--help
Invokes debugging mode. Primarily for Encode hackers.
-=item -S,--scheme scheme
+=item -S,--scheme I<scheme>
Selects which scheme is to be used for conversion. Available schemes
are as follows:
-# $Id: encoding.pm,v 2.11 2013/02/18 02:23:56 dankogai Exp $
+# $Id: encoding.pm,v 2.12 2013/04/26 18:30:46 dankogai Exp $
package encoding;
-our $VERSION = '2.6_01';
+our $VERSION = sprintf "%d.%02d", q$Revision: 2.12 $ =~ /(\d+)/g;
use Encode;
use strict;
perl that is deprecated under 5.18 and higher, and may be removed in a
future version.
+The easiest and the best alternative is to write your script in UTF-8
+and declear:
+
+ use utf8; # not use encoding ':utf8';
+
+See L<perluniintro> and L<utf8> for details.
+
=head1 SYNOPSIS
use encoding "greek"; # Perl like Greek to you?
use utf8 ();
use vars qw($VERSION);
-$VERSION = do { my @r = ( q$Revision: 2.5 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
+$VERSION = do { my @r = ( q$Revision: 2.6 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
use Encode qw(:fallbacks);
my ( $obj, $str, $chk ) = @_;
my $GB = Encode::find_encoding('gb2312-raw');
- my $ret = '';
+ my $ret = substr($str, 0, 0); # to propagate taintedness
my $in_ascii = 1; # default mode is ASCII.
while ( length $str ) {
}
sub encode($$;$) {
- my ( $obj, $str, $chk ) = @_;
+ my ( $obj, $str, $chk ) = @_;
my $GB = Encode::find_encoding('gb2312-raw');
- my $ret = '';
+ my $ret = substr($str, 0, 0); # to propagate taintedness;
my $in_ascii = 1; # default mode is ASCII.
no warnings 'utf8'; # $str may be malformed UTF8 at the end of a chunk.
#
-# $Id: GSM0338.pm,v 2.2 2012/08/15 05:36:16 dankogai Exp $
+# $Id: GSM0338.pm,v 2.3 2013/04/26 18:30:46 dankogai Exp $
#
package Encode::GSM0338;
use Carp;
use vars qw($VERSION);
-$VERSION = do { my @r = ( q$Revision: 2.2 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
+$VERSION = do { my @r = ( q$Revision: 2.3 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
use Encode qw(:fallbacks);
sub decode ($$;$) {
my ( $obj, $bytes, $chk ) = @_;
- my $str;
+ my $str = substr($bytes, 0, 0); # to propagate taintedness;
while ( length $bytes ) {
my $c = substr( $bytes, 0, 1, '' );
my $u;
sub encode($$;$) {
my ( $obj, $str, $chk ) = @_;
- my $bytes;
+ my $bytes = substr($str, 0, 0); # to propagate taintedness
while ( length $str ) {
my $u = substr( $str, 0, 1, '' );
my $c;
#
-# $Id: UTF7.pm,v 2.6 2012/08/05 23:08:49 dankogai Exp $
+# $Id: UTF7.pm,v 2.7 2013/04/26 18:30:46 dankogai Exp $
#
package Encode::Unicode::UTF7;
use strict;
no warnings 'redefine';
use base qw(Encode::Encoding);
__PACKAGE__->Define('UTF-7');
-our $VERSION = do { my @r = ( q$Revision: 2.6 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
+our $VERSION = do { my @r = ( q$Revision: 2.7 $ =~ /\d+/g ); sprintf "%d." . "%02d" x $#r, @r };
use MIME::Base64;
use Encode;
my ( $obj, $str, $chk ) = @_;
my $len = length($str);
pos($str) = 0;
- my $bytes = '';
+ my $bytes = substr($str, 0, 0); # to propagate taintedness
while ( pos($str) < $len ) {
if ( $str =~ /\G($re_asis+)/ogc ) {
my $octets = $1;
}
sub decode($$;$) {
+ use re 'taint';
my ( $obj, $bytes, $chk ) = @_;
my $len = length($bytes);
- my $str = "";
+ my $str = substr($bytes, 0, 0); # to propagate taintedness;
pos($bytes) = 0;
no warnings 'uninitialized';
while ( pos($bytes) < $len ) {
--- /dev/null
+#!/usr/bin/perl -T
+use strict;
+use Encode qw(encode decode);
+use Scalar::Util qw(tainted);
+use Test::More;
+
+my $str = "abc" . substr($ENV{PATH},0,0); # tainted string
+my @names = Encode->encodings(':all');
+plan tests => 2 * @names;
+for my $name (@names){
+ my $e = encode($name, $str);
+ ok tainted($e), "encode $name";
+ my $d = decode($name, $e);
+ ok tainted($d), "decode $name";
+}