Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RT #67962: $1 treated as tainted in untainted match
Fix the issue in the following: use re 'taint'; $tainted =~ /(...)/; # $1 now correctly tainted $untainted =~ s/(...)/$1/; # $untainted now incorrectly tainted The problem stems from when $1 is updated. pp_substcont, which is called after the replacement expression has been evaluated, checks the returned expression for taintedness, and if so, taints the variable being substituted. For a substitution like s/(...)/x$1/ this works fine: the expression "x".$1 causes $1's get magic to be called, which sets $1 based on the recent match, and is marked as not tainted. Thus the returned expression is untainted. In the variant s/(...)/$1/, the returned value on the stack is $1 itself, and its get magic hasn't been called yet. So it still has the tainted flag from the previous pattern. The solution is to mg_get the returned expression *before* testing for taintedness.
- Loading branch information