author | David Mitchell <davem@iabyn.com> | 2011-03-14 16:04:59 +0000 |
---|---|---|
committer | David Mitchell <davem@iabyn.com> | 2011-03-14 16:31:25 +0000 |
commit | e06d98fb28fb93799939b64c5cd2d41f83060c81 (patch) | |
tree | 933c857945a62c61ecdfb5461eb9c1b10c8fe79a /t/op/taint.t | |
parent | 295c2f7d5349d9417307a84d22b5ba63d9a655ed (diff) | |
[perl #82250] fix tainted (s)print format
commit 20ee07fbbcfa6be9f90bb8e5474a4d69d7396617
introduced dying in (s)printf when the format is tainted;
however it only worked when the format is part of an expression
(because TAINT_PROPER checks for PL_tainted being set).
Fix by doing TAINT_PROPER only after get magic has been done on the format
SV (which will set PL_tainted). This is done by moving the checks in
pp_sprintf and pp_prtf into do_sprintf() (which is called by the two pp
functions).
Diffstat (limited to 't/op/taint.t')
-rw-r--r-- | t/op/taint.t | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/t/op/taint.t b/t/op/taint.t index ae031cf7bb..c695570bfe 100644 --- a/t/op/taint.t +++ b/t/op/taint.t @@ -17,7 +17,7 @@ BEGIN { use strict; use Config; -plan tests => 766; +plan tests => 770; $| = 1; @@ -1829,12 +1829,17 @@ SKIP: { # tests for tainted format in s?printf - violates_taint(sub { printf($TAINT . "# %s\n", "foo") }, 'printf', + my $fmt = $TAINT . "# %s\n"; + violates_taint(sub { printf($fmt, "foo") }, 'printf', q/printf doesn't like tainted formats/); + violates_taint(sub { printf($TAINT . "# %s\n", "foo") }, 'printf', + q/printf doesn't like tainted format expressions/); eval { printf("# %s\n", $TAINT . "foo") }; is($@, '', q/printf accepts other tainted args/); - violates_taint(sub { sprintf($TAINT . "# %s\n", "foo") }, 'sprintf', + violates_taint(sub { sprintf($fmt, "foo") }, 'sprintf', q/sprintf doesn't like tainted formats/); + violates_taint(sub { sprintf($TAINT . "# %s\n", "foo") }, 'sprintf', + q/sprintf doesn't like tainted format expressions/); eval { sprintf("# %s\n", $TAINT . "foo") }; is($@, '', q/sprintf accepts other tainted args/); } |
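Review bot: The paired tests in the second hunk read as redundant without a comment saying why both forms exist, so a later cleanup could drop the variable-format case that this commit is about. I would add above `my $fmt` something like `# [perl #82250] a tainted format held in a variable is only detected once get magic has run on it, so test it separately from the expression form`. The new cases also exercise only the default-handle form of printf. Since the commit message says the check now lives in do_sprintf(), a case such as `violates_taint(sub { printf STDOUT $fmt, "foo" }, 'printf', q/printf to a handle doesn't like tainted formats/);` would presumably pass and would pin that path too, with `plan tests` bumped to match. The enclosing block opens at or before the start of the hunk, so its surrounding setup is not fully visible here.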