Re: untainted, unfrozen, honest-to-god session data!

< ^ > P N |<>|^_>< --- | ~ ...Help
In message "Re: untainted, unfrozen, honest-to-god session data!"
    on 02/11/20, "Chris" <nemo / hellotree.com> writes:

|Well, after closer inspection, I think I have narrowed down the freezing
|problem some.  The problem seems to be with Hash objects only.  All of the
|keys of the session hash are frozen.  All of the keys of all of the hashes
|*in* the session hash are also frozen.  And everything, everything is
|tainted, except for Fixnums, true, false, and nil.
|
|So I have no idea why this is happening.  I, too, have looked around and
|have found nothing.

String hash keys are copied and frozen.  This is intended behavior.
If you want to preserve original strings, put them in the value, i.e.

  hash[key] = [key, value]

Session data are tainted, because they are external.  Maybe there's a
smarter way to untaint trusted external data.  But I have no idea
right now.  Currently, You have to remove taintedness by yourself
using "untaint".

							matz.