File::Find 中的 is_tainted_pp 有何意？

Rob

UID: 8208
帖子: 75
积分: 172
在线时间: 8 小时

1^# Rob 发表于 2008-08-30 17:19

File::Find 中的 is_tainted_pp 有何意？

[Copy to clipboard] [ - ]

CODE:

  580:    # check whether or not a scalar variable is tainted
  581: # (code straight from the Camel, 3rd ed., page 561)
  582: sub is_tainted_pp {
  583:       my $arg = shift;
  584:       my $nada = substr($arg, 0, 0); # zero-length
  585:       local $@;
  586:       eval { eval "# $nada" };
  587:       return length($@) != 0;
  588: }

这段代码什么意思？为何substr要取0字节？又为何再放入eval里运行一遍，有何意义？
摘自 module File::Find

__END__

forlorngenius

UID: 32353
帖子: 42
积分: 96
在线时间: 2 小时

2^# forlorngenius 发表于 2008-08-30 19:07

churchmice

UID: 31829
帖子: 2
积分: 4
在线时间: 10 分钟

3^# churchmice 发表于 2008-08-30 20:34

直接看programming perl 3rd好了

QUOTE:

To test whether a scalar variable contains tainted data, you can use the following is_tainted function. It makes use of the fact that evalSTRING raises an exception if you try to compile tainted data. It doesn't matter that the $nada variable used in the expression to compile will always be empty; it will still be tainted if $arg is tainted. The outer evalBLOCK isn't doing any compilation. It's just there to catch the exception raised if the inner eval is given tainted data. Since the $@ variable is guaranteed to be nonempty after each eval if an exception was raised and empty otherwise, we return the result of testing whether its length was zero:

sub is_tainted {
my $arg = shift;
my $nada = substr($arg, 0, 0); # zero-length
local $@; # preserve caller's version
eval { eval "# $nada" };
return length($@) != 0;
}