diff options
| author | Gurusamy Sarathy <gsar@cpan.org> | 1999-10-24 23:20:10 +0000 |
|---|---|---|
| committer | Gurusamy Sarathy <gsar@cpan.org> | 1999-10-24 23:20:10 +0000 |
| commit | eb1050c4face6d4b888d24e238603c6cab701135 (patch) | |
| tree | d31e2453a91ab75c53f0a82ba4e835937018a089 /sv.c | |
| parent | f4c556ac9d141bf86702c68d95acad2db5ec6874 (diff) | |
| download | perl-eb1050c4face6d4b888d24e238603c6cab701135.tar.gz | |
remove inconsistent tainting behavior of sprintf("%e",...)
(all bets are off is "C" locale is compromised)
p4raw-id: //depot/perl@4449
Diffstat (limited to 'sv.c')
| -rw-r--r-- | sv.c | 32 |
1 files changed, 0 insertions, 32 deletions
@@ -5478,38 +5478,6 @@ Perl_sv_vcatpvfn(pTHX_ SV *sv, const char *pat, STRLEN patlen, va_list *args, SV eptr = PL_efloatbuf; elen = strlen(PL_efloatbuf); - -#ifdef USE_LOCALE_NUMERIC - /* - * User-defined locales may include arbitrary characters. - * And, unfortunately, some (broken) systems may allow the - * "C" locale to be overridden by a malicious user. - * XXX This is an extreme way to cope with broken systems. - */ - if (maybe_tainted && PL_tainting) { - /* safe if it matches /[-+]?\d*(\.\d*)?([eE][-+]?\d*)?/ */ - if (*eptr == '-' || *eptr == '+') - ++eptr; - while (isDIGIT(*eptr)) - ++eptr; - if (*eptr == '.') { - ++eptr; - while (isDIGIT(*eptr)) - ++eptr; - } - if (*eptr == 'e' || *eptr == 'E') { - ++eptr; - if (*eptr == '-' || *eptr == '+') - ++eptr; - while (isDIGIT(*eptr)) - ++eptr; - } - if (*eptr) - *maybe_tainted = TRUE; /* results are suspect */ - eptr = PL_efloatbuf; - } -#endif /* USE_LOCALE_NUMERIC */ - break; /* SPECIAL */ |