From f73351928dfa1d1d564d3f7b8e63c5281ed835ee Mon Sep 17 00:00:00 2001

From: Dave Cross <dave@dave.org.uk>

Date: Tue, 22 Oct 2019 14:24:13 +0100

Subject: [PATCH] Fix taint mode @INC documentation

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Explain that -T no longer removes '.' from @INC because, since

5.26, '.' isn't in @INC to start with.

Signed-off-by: Petr Písař <ppisar@redhat.com>

---

 pod/perlsec.pod | 8 ++++++--

 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pod/perlsec.pod b/pod/perlsec.pod

index b210445685..0682674143 100644

--- a/pod/perlsec.pod

+++ b/pod/perlsec.pod

@@ -245,8 +245,8 @@ Unix-like environments that support #! and setuid or setgid scripts.)

 =head2 Taint mode and @INC

-When the taint mode (C<-T>) is in effect, the "." directory is removed

-from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>

+When the taint mode (C<-T>) is in effect, the environment variables

+C<PERL5LIB> and C<PERLLIB>

 are ignored by Perl.  You can still adjust C<@INC> from outside the

 program by using the C<-I> command line option as explained in

 L<perlrun>.  The two environment variables are ignored because

@@ -268,6 +268,10 @@ problem will be reported:

   Insecure dependency in require while running with -T switch

+On versions of Perl before 5.26, activating taint mode will also remove

+the current directory (".") from C<@INC>. Since version 5.26, the

+current directory isn't included in C<@INC>.

+

 =head2 Cleaning Up Your Path

 For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to

-- 

2.21.0