I don't understand following code : # untaint $userName (can finish with one or two $) if ($userName =~ /^([\w -.]+\$?)$/) { $userName = $1; } else { print "$0: illegal username\n"; exit (1); } The comment say "(can finish with one or two $)" but the regexp will only match one, and I don't understand what does "untaint" mean. And what is the goal of "$userName = $1" ? $1 will always have the content that $userName already had, except maybe "\n" at the end that would be dropped.
Not maintained anymore