Re: lib/File/Find/taint.t
by Jeffrey Friedl other posts by this author
Jun 30 2001 3:02PM messages near this date
Here's a patch to fix the test.
To get more info, though, it might be reasonable to put some warning
messages into mg.c (search for "too long").
Jeffrey
---------------------------------------------------------
--- .orig/lib/File/Find/taint.t Fri Jun 29 07:08:34 2001
+++ ./lib/File/Find/taint.t Sat Jun 30 13:57:23 2001
@@ -8,13 +8,31 @@
my $cwd;
my $cwd_untainted;
+use Config;
+
BEGIN {
chdir 't' if -d 't';
unshift @INC => '../lib';
for (keys %ENV) { # untaint ENV
- ($ENV{$_}) = $ENV{$_} =~ /(.*)/;
+ ($ENV{$_}) = $ENV{$_} =~ /(.*)/;
}
+
+ # Remove insecure directories from PATH
+ my @path;
+ my $sep = $Config{path_sep};
+ foreach my $dir (split(/\Q$sep/,$ENV{'PATH'}))
+ {
+ ##
+ ## Match the directory taint tests in mg.c::Perl_magic_setenv()
+ ##
+ push(@path,$dir) unless (length($dir) > = 256
+ or
+ substr($dir,0,1) ne "/"
+ or
+ (stat $dir)[2] & 002);
+ }
+ $ENV{'PATH'} = join($sep,@path);
}
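Review bot: `use Config;` just above the BEGIN block is compiled before the block's `unshift @INC => '../lib'` runs, so Config.pm is resolved through whatever @INC perl starts with and may not be the build tree's copy. Loading it inside the block after the unshift, `require Config; Config->import;`, would keep `$Config{path_sep}` tied to the perl under test. Separately, `substr($dir,0,1) ne "/"` drops every PATH entry on platforms whose directories do not begin with a slash (the file special-cases MSWin32 and cygwin a few lines further down), which would leave PATH empty there; if mg.c applies these checks only on Unix-like builds, the filter should probably be guarded the same way. A one-line comment noting that 256 presumably mirrors the length limit behind the "too long" check in mg.c would also help the next reader keep the two in sync.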
@@ -24,16 +42,7 @@
use File::Find;
use File::Spec;
use Cwd;
-use Config;
-# Remove insecure directories from PATH
-my @path;
-my $sep = $Config{path_sep};
-foreach my $dir (split(/$sep/,$ENV{'PATH'}))
- {
- push(@path,$dir) unless (stat $dir)[2] & 0002;
- }
-$ENV{'PATH'} = join($sep,@path);
my $NonTaintedCwd = $^O eq 'MSWin32' || $^O eq 'cygwin';