diff options
| author | Gurusamy Sarathy <gsar@cpan.org> | 1999-10-24 23:20:10 +0000 |
|---|---|---|
| committer | Gurusamy Sarathy <gsar@cpan.org> | 1999-10-24 23:20:10 +0000 |
| commit | eb1050c4face6d4b888d24e238603c6cab701135 (patch) | |
| tree | d31e2453a91ab75c53f0a82ba4e835937018a089 /pod | |
| parent | f4c556ac9d141bf86702c68d95acad2db5ec6874 (diff) | |
| download | perl-eb1050c4face6d4b888d24e238603c6cab701135.tar.gz | |
remove inconsistent tainting behavior of sprintf("%e",...)
(all bets are off is "C" locale is compromised)
p4raw-id: //depot/perl@4449
Diffstat (limited to 'pod')
| -rw-r--r-- | pod/perlfunc.pod | 7 | ||||
| -rw-r--r-- | pod/perllocale.pod | 15 |
2 files changed, 6 insertions, 16 deletions
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 42c5d2bdd5..f8efd7e428 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -4195,13 +4195,6 @@ If C<use locale> is in effect, the character used for the decimal point in formatted real numbers is affected by the LC_NUMERIC locale. See L<perllocale>. -To cope with broken systems that allow the standard locales to be -overridden by malicious users, the return value may be tainted -if any of the floating point formats are used and the conversion -yields something that doesn't look like a normal C-locale floating -point number. This happens regardless of whether C<use locale> is -in effect or not. - If Perl understands "quads" (64-bit integers) (this requires either that the platform natively supports quads or that Perl has been specifically compiled to support quads), the characters diff --git a/pod/perllocale.pod b/pod/perllocale.pod index 510117f299..475cc0d1e5 100644 --- a/pod/perllocale.pod +++ b/pod/perllocale.pod @@ -641,11 +641,12 @@ case-mapping table is in effect. =item * -If the decimal point character in the C<LC_NUMERIC> locale is -surreptitiously changed from a dot to a comma, C<sprintf("%g", -0.123456e3)> produces a string result of "123,456". Many people would -interpret this as one hundred and twenty-three thousand, four hundred -and fifty-six. +Some systems are broken in that they allow the "C" locale to be +overridden by users. If the decimal point character in the +C<LC_NUMERIC> category of the "C" locale is surreptitiously changed +from a dot to a comma, C<sprintf("%g", 0.123456e3)> produces a +string result of "123,456". Many people would interpret this as +one hundred and twenty-three thousand, four hundred and fifty-six. =item * @@ -714,10 +715,6 @@ if modified as a result of a substitution based on a regular expression match involving C<\w>, C<\W>, C<\s>, or C<\S>; or of case-mapping with C<\l>, C<\L>,C<\u> or C<\U>. -=item B<In-memory formatting function> (sprintf()): - -Result is tainted if C<use locale> is in effect. - =item B<Output formatting functions> (printf() and write()): Success/failure result is never tainted. |