This queue is for tickets about the URI CPAN distribution.

Report information
The Basics
Id: 12356
Status: resolved
Priority: 0/
Queue: URI

Owner: Nobody in particular

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)

Subject: URI::file->cwd does not work under taint mode
URI::file->cwd breaks under taint mode. The problem is the C<eval "require $class"> line in os_class(). $class is tainted by $^O. $^O appears to be tainted inside Cwd by the condition around lines 331-333. This may be a MacOS specific thing as Cwd chooses _backtick_cwd(). This is using the latest Cwd (3.04).

I realize this is a Cwd bug but I figured you'd like to know to work around it.

Attached is a patch which turns on tainting for the -T tests as well as tests that URI::file->cwd works in taint mode. The second currently fails for me. It comes with a gallon of Test::More kool-aid but avoids a dependency by shipping TM with the module in a way that it is not indexed.
Attachment: uri.patch (text/x-diff, 80.9k)
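
The failure mode described in this report, reproduced as an added example (not code from URI, Cwd or the attached patch): under -T, a string eval of a class name that carries taint dies, while validating the name with a regex capture and loading it by file name succeeds. `File::Spec::Unix` stands in for the OS-specific class and `load_class` is a hypothetical helper; how URI itself resolved the ticket is not shown on this page.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_require.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: values of %ENV are tainted under -T.
my $taint = substr(join('', values %ENV), 0, 0);
die "run with -T and a non-empty environment\n" unless tainted($taint);

# Constructed stand-in for a class name built from a tainted OS name.
# File::Spec::Unix is used only because it ships with Perl.
my $class = 'File::Spec::Unix' . $taint;

# The failing pattern: a string eval refuses tainted source text.
my $ok = eval { eval("require $class; 1") or die $@ };
print 'string eval:    ', ($ok ? "loaded\n" : "refused: $@");

# Hypothetical helper: accept only a well-formed package name, untaint it
# through a regex capture, and load it by file name so no string eval runs.
sub load_class {
    my ($name) = @_;
    $name =~ /\A([A-Za-z_]\w*(?:::\w+)*)\z/
        or die "refusing to load malformed class name\n";
    my $clean = $1;                         # regex captures are untainted
    (my $file = "$clean.pm") =~ s{::}{/}g;  # Foo::Bar -> Foo/Bar.pm
    require $file;
    return $clean;
}

my $loaded = load_class($class);
print 'validated load: ', $loaded,
      ' (tainted: ', (tainted($loaded) ? 'yes' : 'no'), ")\n";

# A value that is not a plain package name is rejected before any load.
eval { load_class('File::Spec::Unix;1' . $taint) };
print 'malformed name: ', $@;
```

The regex is deliberately strict: untainting with a permissive pattern such as `/(.*)/` would silence the taint check without validating anything.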
