From 7687d286485cd6742ddc9bd1c0f4a225d2f45725 Mon Sep 17 00:00:00 2001 From: Karl Williamson Date: Wed, 14 Dec 2011 09:41:26 -0700 Subject: [PATCH] perlsec: Fix example to localize $@. Not doing this can cause hard-to-find bugs. --- pod/perldelta.pod | 7 +++++-- pod/perlsec.pod | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 81f2263..387f61d 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -393,13 +393,16 @@ XXX Changes which significantly change existing files in F go here. However, any changes to F should go in the L section. -=head3 L +=head3 L =over 4 =item * -XXX Description of the change here +The example function for checking for taintedness contained a subtle +error. C<$@> needs to be localized to prevent its changing this +global's value outside the function. The preferred method to check for +this, though, remains to use L. =back diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 1c49453..d8470ec 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -170,6 +170,7 @@ nearby CPAN mirror, and included in Perl starting from the release 5.8.0. Or you may be able to use the following C function. sub is_tainted { + local $@; # Don't pollute caller's value. return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; } -- 2.7.4
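Review bot: in the pod/perldelta.pod hunk, the added sentence "The preferred method to check for this, though, remains to use L." has an unclear antecedent. The sentence before it is about localizing C<$@>, so "this" reads as the localization rather than as taintedness. Suggest wording it as "The preferred method to check for taintedness, though, remains ...". The link targets in that sentence and in the changed =head3 line are not visible in this rendering, so check that both L<> links resolve to what the entry means to name.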
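Review bot: in the pod/perlsec.pod hunk, the comment on the added line "local $@; # Don't pollute caller's value." does not say which value or why the function touches it. Both the string eval and the enclosing eval block in is_tainted set $@, so without the local a caller's pending error is overwritten on every call, tainted or not. Suggest naming the variable in the comment, for example "# Both evals below set $@; keep the caller's copy intact.", so that readers who copy the function out of the documentation keep the line.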