| Subject: | tainted() doesn't do SvGETMAGIC(sv) |
tainted() doesn't run get magic before testing the value
for taintedness. This gives effects like the following:
use Scalar::Util qw(tainted);
sub TIESCALAR { bless {} }
sub FETCH { $^X }
tie my $t, 'main';
print 'bare $t ', tainted($t) ? 'tainted' : 'not tainted', "\n";
print 'stringy $t ', tainted("$t") ? 'tainted' : 'not tainted', "\n";
which gives:
bare $t not tainted
stringy $t tainted
This originally came up in
https://rt.perl.org/rt3/Ticket/Display.html?id=56490
where regex magic vars were incorrectly reported as being not tainted.
Rick Delaney suggested adding SvGETMAGIC(sv);
Alternatively, tainted() needs documenting that this is how it works.
Dave M