From f73351928dfa1d1d564d3f7b8e63c5281ed835ee Mon Sep 17 00:00:00 2001 From: Dave Cross Date: Tue, 22 Oct 2019 14:24:13 +0100 Subject: [PATCH] Fix taint mode @INC documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Explain that -T no longer removes '.' from @INC because, since 5.26, '.' isn't in @INC to start with. Signed-off-by: Petr Písař --- pod/perlsec.pod | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pod/perlsec.pod b/pod/perlsec.pod index b210445685..0682674143 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -245,8 +245,8 @@ Unix-like environments that support #! and setuid or setgid scripts.) =head2 Taint mode and @INC -When the taint mode (C<-T>) is in effect, the "." directory is removed -from C<@INC>, and the environment variables C and C +When the taint mode (C<-T>) is in effect, the environment variables +C and C are ignored by Perl. You can still adjust C<@INC> from outside the program by using the C<-I> command line option as explained in L. The two environment variables are ignored because @@ -268,6 +268,10 @@ problem will be reported: Insecure dependency in require while running with -T switch +On versions of Perl before 5.26, activating taint mode will also remove +the current directory (".") from C<@INC>. Since version 5.26, the +current directory isn't included in C<@INC>. + =head2 Cleaning Up Your Path For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to -- 2.21.0