据我所知,一旦变量被污染,Perl将不允许在system(),exec(),管道打开,eval(),反引号命令或任何影响程序外部某些功能(例如取消链接)的函数中使用它)。那么取消它的过程是什么?
最佳答案
在受污染的变量上使用正则表达式以提取“安全”值:
Sometimes you have just to clear your data's taintedness. Values may be untainted by using them as keys in a hash; otherwise the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern.
但是请不要忽略此警告:
That means using a bit of thought--don't just blindly untaint anything, or you defeat the entire mechanism. It's better to verify that the variable has only good characters (for certain values of "good") rather than checking whether it has any bad characters. That's because it's far too easy to miss bad characters that you never thought of.
Perlsec: Laundering and Detecting Tainted Data
关于perl - 我如何 “untaint”一个变量?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8709487/