Subject: | Possible security hole: Please change :ut8 layer to :encoding(UTF-8) |
When enabling utf8, IO::All has the following:
sub utf8 {
my $self = shift;
if ($] < 5.008) {
die "IO::All -utf8 not supported on Perl older than 5.8";
}
CORE::binmode($self->io_handle, ':utf8')
if $self->is_open;
$self->_utf8(1);
$self->encoding('utf8');
return $self;
}
However, the :utf8 layer only marks the filehandle as utf8. It does not
validate that the data is actually UTF-8. This is possibly a security
hole. You can fix this with:
CORE::binmode($self->io_handle, ':encoding(UTF-8)')
See http://www.perlmonks.org/?node_id=644786 for more details.
Cheers,
Ovid