Bill Kelly wrote:
> In any case, it's line #4 that is causing me trouble.  In
> both this test script and in the real CGI script, my log
> shows I've successfully untainted the object (referenced
> by the 'view' variable) prior to using it in the string
> interpolation:
> 
>   filename = "demo/#{view}"
> 
> ...and yet 'filename' is coming out tainted.  That's not
> correct behavior is it?  Or am I missing something?

Does CGI#[] still return an array? I thought this had changed, but at 
any rate:

$SAFE = 1
view = ['spang']
view.first.taint
view.untaint
p view.tainted? #=> false
filename = "demo/#{view}"
p filename.tainted? #=> true

Check what type view actually has before the interpolation. It may be 
that you are interpolating tainted elements from an untainted container.

HTH

-- 
(\[ Kent Dahl ]/)_    _~_    _____[ http://www.pvv.org/~kentda/ ]_____/~
  ))\_student_/((  \__d L b__/     Master of Science in Technology     )
( \__\_?|?_/__/ ) _)  Industrial economics and technology management (
  \____/_?_\____/ (____engineering.discipline_=_Computer::Technology___)
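
Added example, not part of the original thread: one way to act on the advice above is to check the type of the looked-up value and validate the element itself before interpolating it, instead of relying on the container's taint flag. The names VIEW_NAME and view_filename and the allow-list pattern are assumptions made for illustration; the code does not use taint, so it also runs on Ruby versions that no longer have it.

```ruby
# Added example: validate the element, not the container it arrived in.
# VIEW_NAME and view_filename are hypothetical names, not from the thread.

# Allow-list for a single plain path component (assumed naming policy).
VIEW_NAME = /\A[A-Za-z0-9_]{1,32}\z/

# Accepts what a CGI parameter lookup might hand back: a String, or an
# Array of Strings. Returns a frozen "demo/<name>" path, or raises
# ArgumentError if the value is not exactly one acceptable name.
def view_filename(view, base = "demo")
  values = view.is_a?(Array) ? view : [view]
  unless values.length == 1
    raise ArgumentError, "expected exactly one view value, got #{values.length}"
  end

  raw = values.first
  unless raw.is_a?(String)
    raise ArgumentError, "view must be a String, got #{raw.class}"
  end

  # Match against the element itself. Building the path from the match
  # means the result contains only characters the pattern allowed.
  m = VIEW_NAME.match(raw)
  raise ArgumentError, "rejected view name #{raw.inspect}" unless m

  "#{base}/#{m[0]}".freeze
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering both container and element problems.
  [["spang"], "spang", ["../etc/passwd"], ["a", "b"], [nil], "spang\n"].each do |v|
    begin
      puts "#{v.inspect} -> #{view_filename(v)}"
    rescue ArgumentError => e
      puts "#{v.inspect} -> rejected (#{e.message})"
    end
  end
end
```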