What does is_tainted_pp in File::Find mean?

1
Posted on 2008-08-30 17:19

# check whether or not a scalar variable is tainted
# (code straight from the Camel, 3rd ed., page 561)
sub is_tainted_pp {
    my $arg = shift;
    my $nada = substr($arg, 0, 0); # zero-length
    local $@;
    eval { eval "# $nada" };
    return length($@) != 0;
}

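What does this code mean? Why does substr take 0 bytes? And why is the result then run again inside eval, what is the point of that?
Excerpted from the module File::Find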


2
Posted on 2008-08-30 19:07

3
Posted on 2008-08-30 20:34
Just read Programming Perl, 3rd edition.

To test whether a scalar variable contains tainted data, you can use the following is_tainted function. It makes use of the fact that eval STRING raises an exception if you try to compile tainted data. It doesn't matter that the $nada variable used in the expression to compile will always be empty; it will still be tainted if $arg is tainted. The outer eval BLOCK isn't doing any compilation. It's just there to catch the exception raised if the inner eval is given tainted data. Since the $@ variable is guaranteed to be nonempty after each eval if an exception was raised and empty otherwise, we return the result of testing whether its length was zero:

sub is_tainted {
    my $arg = shift;
    my $nada = substr($arg, 0, 0);  # zero-length
    local $@;  # preserve caller's version
    eval { eval "# $nada" };
    return length($@) != 0;
}
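
The check described in the quoted passage, as an added example that is not part of the original posts or of File::Find: it runs is_tainted under taint mode against constructed inputs and compares the result with tainted() from Scalar::Util. The helper launder_filename, its allow-list pattern and the sample values are assumptions made for illustration, and the script assumes PATH is set in the environment.

```perl
#!/usr/bin/perl
# Added example. Run with taint mode on: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; rerun as: perl -T $0\n" unless ${^TAINT};

# Pure-Perl check, as quoted from the Camel book above.
sub is_tainted {
    my $arg  = shift;
    my $nada = substr($arg, 0, 0);  # zero-length, keeps $arg's taint flag
    local $@;                       # preserve caller's version
    eval { eval "# $nada" };        # eval STRING dies on tainted source
    return length($@) != 0;
}

# Hypothetical helper: untaint a bare file name by regex capture.
# Anything outside the allow-list pattern is rejected with undef.
sub launder_filename {
    my $raw = shift;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# Assumption: PATH is set, so $ENV{PATH} is a tainted scalar.
my $taint = substr($ENV{PATH}, 0, 0);   # empty string carrying taint

# Constructed sample inputs (label => value).
my @samples = (
    [ 'literal in source'     => 'report.txt' ],
    [ 'environment value'     => $ENV{PATH} ],
    [ 'literal . empty taint' => 'report.txt' . $taint ],
    [ 'laundered file name'   => launder_filename('report.txt' . $taint) ],
);

printf "%-24s %-14s %s\n", 'input', 'is_tainted', 'Scalar::Util';
for my $s (@samples) {
    my ($label, $value) = @$s;
    printf "%-24s %-14s %s\n", $label,
        is_tainted($value) ? 'tainted' : 'clean',
        tainted($value)    ? 'tainted' : 'clean';
}

# A traversal-style name fails the allow-list and is never untainted.
my $bad = launder_filename('../report.txt' . $taint);
print "traversal name: ", defined $bad ? "accepted" : "rejected", "\n";
```

The third sample has the same bytes as the first; only the taint flag differs, which is why the zero-length $nada is enough for the check.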