--- lib/Data/FormValidator/Results.pm.orig 2012-08-16 10:54:34.168443434 +0200
+++ lib/Data/FormValidator/Results.pm 2012-08-16 10:54:52.126443666 +0200
@@ -807,7 +807,7 @@
 # With methods, the value is the second argument
 my $val = $force_method_p ? $_[1] : $_[0];
 my ($match) = scalar ($val =~ $re);
- if ($untaint_this && defined $match) {
+ if ($untaint_this && $match) {
 # pass the value through a RE that matches anything to untaint it.
 my ($untainted) = ($& =~ m/(.*)/s);
 return $untainted;
--- /dev/null 2012-06-14 10:53:10.614001004 +0200
+++ t/untaint_match_check.t 2012-08-16 10:57:38.747450934 +0200
@@ -0,0 +1,16 @@
+use strict;
+use warnings;
+use Test::More tests => 3;
+use Data::FormValidator;
+"unrelated match" =~ /match/;
+my $result = Data::FormValidator->check(
+ { a => 'invalid value' }, # input data
+ { # validation profile
+ untaint_all_constraints => 1,
+ optional => ['a'],
+ constraints => { a => qr/never matches/, },
+ },
+);
+ok( not $result->success ) or diag( 'Valid: ', $result->valid );
+ok( $result->has_invalid );
+is_deeply( scalar( $result->invalid ), { 'a' => [qr/never matches/] } );
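Review bot: In lib/Data/FormValidator/Results.pm the corrected guard `if ($untaint_this && $match)` carries no comment saying why truth rather than definedness is tested, which makes the fix easy to revert by accident. `scalar ($val =~ $re)` yields a defined empty string when the match fails, so the old `defined $match` test passed anyway and `$&` left over from an earlier, unrelated match was returned as the untainted value. I would add above the `if`: `# a failed match gives '' (defined but false); test truth so a stale $& is never returned as untainted`. The returned value is still read from the global `$&`, so no other regex may run between the match and that read. The enclosing sub starts and ends outside this hunk.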
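Review bot: In t/untaint_match_check.t the three assertions cover only the rejected value, so nothing shows that a value which does match its constraint is still reported as valid after the guard change. A second `check` call with a matching value and an `ok( $result->success, 'matching value is accepted' )` assertion (with the plan count raised to match) would pin both sides of the condition. The priming line `"unrelated match" =~ /match/;` needs a comment such as `# seed $& with an earlier successful match, which the old code returned for a failed constraint`, and each `ok`/`is_deeply` should carry a description string. The file does not appear to run under taint mode, so it checks validity only and not the taint flag itself.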