Skip Menu | will be shut down on March 1st, 2021.

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id: 78931
Status: new
Priority: 0/
Queue: Archive-Zip

Owner: Nobody in particular
Requestors: tim [...]

Bug Information
Severity: Important
Broken in: 1.31_04
Fixed in: (no value)

Subject: Taint-mode bug in Archive::Zip::Archive::addTree
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Mailer: MIME-tools 5.427 (Entity 5.427)
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 821
Download (untitled) / with headers
text/plain 821b
When a script uses taint-mode and Archive::Zip the usage of the addTree()-method causes an taint error with File::Find. The Problem is that the subdirectories, in the given directory are tainted and a chdir with a tainted value causes this error. File::Find::find has an "untaint" option to fix this, but it is not set from within addTree. So replacing File::Find::find( $wanted, $root ); with File::Find::find( {wanted => $wanted, untaint => 1}, $root ); fixes the problem. Since the documentation for File::Find says that setting the untaint option on programms without taint-mode set is a no-op, this looks like the best solution. The same Bug is reported in nearly three years ago. Please fix this for the next release. With best regards, Tim

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to