Bug #41163 for Encode: _utf8_on() does not work for tainted values

RT for rt.cpan.org

This queue is for tickets about the Encode CPAN distribution.

Report information

The Basics

Id:	41163
Status:	resolved
Priority:	0/
Queue:	Encode

People

Owner:	Nobody in particular
Requestors:	FANY [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	Normal
Broken in:	2.26
Fixed in:	(no value)

History Show all quoted text

Sun Nov 23 13:37:44 2008 FANY [...] cpan.org - Ticket created

Subject:

_utf8_on() does not work for tainted values

$ perl -MEncode=_utf8_on,is_utf8 -le '$_=shift;Encode::_utf8_on$_;print is_utf8($_)||"no"' foo 1 $ perl -T -MEncode=_utf8_on,is_utf8 -le '$_=shift;Encode::_utf8_on$_;print is_utf8($_)||"no"' foo no While there may be good reasons for not having the utf8 bit blindly activated for tainted data, I think this should at least be documented, and maybe the function should emit a warning or even die when called for a tainted value. Also see <http://rt.cpan.org/Ticket/Display.html?id=41161> on this issue. Regards, fany

Wed Jan 21 17:20:03 2009 DANKOGAI [...] cpan.org - Correspondence added

On Sun Nov 23 13:37:44 2008, FANY wrote: Show quoted text

> $ perl -MEncode=_utf8_on,is_utf8 -le '$_=shift;Encode::_utf8_on$_;print > is_utf8($_)||"no"' foo > 1 >

Document added in 2.27. Dan the Encode Maintainer Show quoted text

> $ perl -T -MEncode=_utf8_on,is_utf8 -le > '$_=shift;Encode::_utf8_on$_;print is_utf8($_)||"no"' foo > no > > While there may be good reasons for not having the utf8 bit blindly > activated for tainted data, I think this should at least be documented, > and maybe the function should emit a warning or even die when called for > a tainted value. > > Also see <http://rt.cpan.org/Ticket/Display.html?id=41161> on this issue. > > Regards, > fany

Wed Jan 21 17:20:05 2009 The RT System itself - Status changed from 'new' to 'open'

Wed Jan 21 17:20:06 2009 DANKOGAI [...] cpan.org - Status changed from 'open' to 'resolved'