From 18512f39426552e29d41a84a0ee5636d24f7ad84 Mon Sep 17 00:00:00 2001 From: Karl Williamson Date: Wed, 19 Feb 2014 09:36:39 -0700 Subject: [PATCH] perlsec: Nit --- pod/perlsec.pod | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e480cb3..703bd46 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -183,8 +183,9 @@ But testing for taintedness gets you only so far. Sometimes you have just to clear your data's taintedness. Values may be untainted by using them as keys in a hash; otherwise the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. -Perl presumes that if you reference a substring using $1, $2, etc., that -you knew what you were doing when you wrote the pattern. That means using +Perl presumes that if you reference a substring using $1, $2, etc. in a +non-tainting pattern, that +you knew what you were doing when you wrote that pattern. That means using a bit of thought--don't just blindly untaint anything, or you defeat the entire mechanism. It's better to verify that the variable has only good characters (for certain values of "good") rather than checking whether it -- 2.7.4
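Review bot: the added qualifier "in a non-tainting pattern" is used without being defined anywhere in the hunk's surrounding text, which otherwise describes regex capture variables as the one sanctioned way to untaint data; a reader of the paragraph has no way to tell which patterns taint their captures and which do not. Suggest either a short parenthetical definition or a cross-reference to the part of the document that explains when captures stay tainted, otherwise the new wording raises a question it does not answer. Minor style point on the same lines: the rewrap leaves the very short line "+non-tainting pattern, that" followed by "+you knew what you were doing when you wrote that pattern. That means using", so reflowing the sentence across the three lines would read more cleanly and avoid the dangling "that" at a line end.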