path: root/pod/perlsec.pod
author    Jarkko Hietaniemi <jhi@iki.fi>    2002-04-12 13:16:43 +0000
committer Jarkko Hietaniemi <jhi@iki.fi>    2002-04-12 13:16:43 +0000
commit    7f6513c1071003ae5bc4d38d5816fd7d293c6346 (patch)
tree      4dfd194d4d1f27d33b873e5aab3b367243cee911 /pod/perlsec.pod
parent    b3365ecb9239da20ce4e458d0c2b03e206f39ffa (diff)
download  perl-7f6513c1071003ae5bc4d38d5816fd7d293c6346.tar.gz
Add a warning about the symbolic methods and
symbolic sub refs not being checked for taint. p4raw-id: //depot/perl@15875
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r--  pod/perlsec.pod  17
1 files changed, 17 insertions, 0 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 53192cb3ca..8616c642d3 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -54,6 +54,23 @@ mechanism.
Arguments to C<print> and C<syswrite> are B<not> checked for taintedness.
+=item *
+
+Symbolic methods
+
+ $obj->$method(@args);
+
+and symbolic sub references
+
+ &{$foo}(@args);
+ $foo->(@args);
+
+are not checked for taintedness. This requires extra carefulness
+unless you want external data to affect your control flow. Unless
+you carefully limit what these symbolic values are, people are able
+to call functions B<outside> your Perl code, such as POSIX::system,
+in which case they are able to run arbitrary external code.
+
=back
The value of an expression containing tainted data will itself be
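Review bot: the new item should say that C<use strict 'refs'> does not close this hole for the method-call form: C<< $obj->$method(@args) >> with a string in C<$method> is permitted under strict, and a string containing C<::> (such as the C<POSIX::system> the text names) resolves to a subroutine in that package regardless of the object's class, which is exactly how control leaves "your Perl code". Only the C<&{$foo}(@args)> and C<< $foo->(@args) >> forms with a string C<$foo> are refused by strict refs, so the two cases deserve separate sentences. Since the item sits in the taint section, suggest also stating the mitigation: untaint the name against a pattern that admits only identifiers you intend to dispatch to, for example a hash of permitted method names or C<$method =~ /^(\w+)$/>, which cannot match a qualified C<Pkg::name>, before using it in the call. Wording: "This requires extra carefulness unless you want external data to affect your control flow" reads as if the carelessness is optional; "Use extra care here, or external data can alter your control flow" says what is meant.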