diff -up Data-FormValidator-4.66/lib/Data/FormValidator/Results.pm.orig Data-FormValidator-4.66/lib/Data/FormValidator/Results.pm
--- Data-FormValidator-4.66/lib/Data/FormValidator/Results.pm.orig 2010-02-24 15:31:03.000000000 +0100
+++ Data-FormValidator-4.66/lib/Data/FormValidator/Results.pm 2011-08-28 08:26:22.000000000 +0200
@@ -807,7 +807,7 @@ sub _create_sub_from_RE {
 # With methods, the value is the second argument
 my $val = $force_method_p ? $_[1] : $_[0];
 my ($match) = scalar ($val =~ $re);
- if ($untaint_this && defined $match) {
+ if ($untaint_this && $match) {
 # pass the value through a RE that matches anything to untaint it.
 my ($untainted) = ($& =~ m/(.*)/s);
 return $untainted;
diff -up Data-FormValidator-4.66/t/untaint_match_check.t.orig Data-FormValidator-4.66/t/untaint_match_check.t
--- Data-FormValidator-4.66/t/untaint_match_check.t.orig 2011-08-28 08:26:54.000000000 +0200
+++ Data-FormValidator-4.66/t/untaint_match_check.t 2011-08-28 08:26:30.000000000 +0200
@@ -0,0 +1,22 @@
+use strict;
+use warnings;
+
+use Test::More tests => 3;
+
+use Data::FormValidator;
+
+"unrelated match" =~ /match/;
+
+my $result = Data::FormValidator->check(
+ { a => 'invalid value' }, # input data
+ { # validation profile
+ untaint_all_constraints => 1,
+ optional => ['a'],
+ constraints => { a => qr/never matches/, },
+ },
+);
+
+ok( not $result->success )
+ or diag( 'Valid: ', $result->valid );
+ok( $result->has_invalid );
+is_deeply( scalar($result->invalid), { 'a' => [ qr/never matches/ ] } );
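Review bot: The guard on the changed `if` line is correct only because `my ($match) = scalar ($val =~ $re);` stores the match result (1 or an empty string, never undef), and nothing in the hunk records that. A comment above the `if`, such as `# scalar match yields 1 or '' (always defined): test truth so $& is read only after this match succeeded`, would keep a later edit from restoring the `defined` test. The untainted value is still read from `$&`, which reflects the last successful match in scope, so any pattern match later inserted between the `$val =~ $re` line and the `$&` read would change what gets untainted and returned. `_create_sub_from_RE` starts and ends outside the hunk, so how its caller treats a false-but-valid return such as `0` cannot be confirmed from here.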
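Review bot: None of the three assertions in the new test file has a description, and the file exercises only the rejection path, so a failure prints a bare `not ok N` and a regression that stops returning the untainted value on a successful match would go unnoticed. Add names, for example `ok( !$result->success, 'non-matching value is rejected with untaint_all_constraints' )`, and a second `check` call whose constraint does match, asserting that `$result->valid('a')` equals the input (raising `tests => 3` accordingly). The script as shown has no taint switch, so it verifies only which fields are reported valid or invalid, not the taint state of the returned value.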