ignore PERL_XMLDUMP when tainting

In theory this is a security issue, but from discussion on the security list that the system perl (or the perl used for anything critical) is wildly unlikely to have been built with -Dmad.
author: Tony Cook <tony@develop-help.com> 2012-08-08 13:29:29 +0200
committer: Tony Cook <tony@develop-help.com> 2012-08-08 13:38:46 +0200
commit: 2cc12391b30fddb6f67ee8dca6140a805774bc15 (patch)
tree: 7628b8d51a20b9328fb6ea26349882b7cc9f6a31 /perl.c
parent: ee982b091ce3fe08360cc0fff41cd8c3b39c9787 (diff)
download: perl-2cc12391b30fddb6f67ee8dca6140a805774bc15.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/perl.c b/perl.c
index d836b0b33b..65b0a1cab8 100644
--- a/perl.c
+++ b/perl.c
@@ -2192,7 +2192,8 @@ S_parse_body(pTHX_ char **env, XSINIT_t xsinit)
 #ifdef PERL_MAD
     {
 	const char *s;
-    if ((s = PerlEnv_getenv("PERL_XMLDUMP"))) {
+    if (!PL_tainting &&
+        (s = PerlEnv_getenv("PERL_XMLDUMP"))) {
 	PL_madskills = 1;
 	PL_minus_c = 1;
 	if (!s || !s[0])
author	Tony Cook <tony@develop-help.com>	2012-08-08 13:29:29 +0200
committer	Tony Cook <tony@develop-help.com>	2012-08-08 13:38:46 +0200
commit	2cc12391b30fddb6f67ee8dca6140a805774bc15 (patch)
tree	7628b8d51a20b9328fb6ea26349882b7cc9f6a31 /perl.c
parent	ee982b091ce3fe08360cc0fff41cd8c3b39c9787 (diff)
download	perl-2cc12391b30fddb6f67ee8dca6140a805774bc15.tar.gz