Skip Menu |
 

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id: 78931
Status: new
Priority: 0/
Queue: Archive-Zip

People
Owner: Nobody in particular
Requestors: tim [...] bellinghausen.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.31_04
Fixed in: (no value)



Subject: Taint-mode bug in Archive::Zip::Archive::addTree
Download (untitled) / with headers
text/plain 821b
When a script uses taint-mode and Archive::Zip the usage of the addTree()-method causes an taint error with File::Find. The Problem is that the subdirectories, in the given directory are tainted and a chdir with a tainted value causes this error. File::Find::find has an "untaint" option to fix this, but it is not set from within addTree. So replacing File::Find::find( $wanted, $root ); with File::Find::find( {wanted => $wanted, untaint => 1}, $root ); fixes the problem. Since the documentation for File::Find says that setting the untaint option on programms without taint-mode set is a no-op, this looks like the best solution. The same Bug is reported in https://rt.cpan.org/Public/Bug/Display.html?id=48891 nearly three years ago. Please fix this for the next release. With best regards, Tim


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.