|Subject:||URI::file->cwd does not work under taint mode|
URI::file->cwd breaks under taint mode. The problem is the C<eval "require $class"> line in os_class(). $class is tainted by $^O. $^O appears to be tainted inside Cwd by the condition around lines 331-333. This may be a MacOS specific thing as Cwd chooses _backtick_cwd(). This is using the latest Cwd (3.04). I realize this is a Cwd bug but I figured you'd like to know to work around it. Attached is a patch which turns on tainting for the -T tests as well as tests that URI::file->cwd works in taint mode. The second currently fails for me. It comes with a gallon of Test::More kool-aid but avoids a dependency by shipping TM with the module in a way that it is not indexed.
Message body is not shown because it is too large.