Document taint-safeness. Life in the fast_abs_path()

[p5sagit/p5-mst-13.2.git] / lib / Cwd.pm

diff --git a/lib/Cwd.pm b/lib/Cwd.pm
index 0a1b2b8..d1ad76e 100644 (file)
--- a/lib/Cwd.pm
+++ b/lib/Cwd.pm
@@ -38,6 +38,8 @@ Returns the current working directory.
 
 Re-implements the getcwd(3) (or getwd(3)) functions in Perl.
 
+Taint-safe.
+
 =item cwd
 
     my $cwd = cwd();
@@ -46,7 +48,7 @@ The cwd() is the most natural form for the current architecture. For
 most systems it is identical to `pwd` (but without the trailing line
 terminator).
 
-Unfortunately, cwd() tends to break if called under taint mode.
+Unfortunately, cwd() is B<not> taint-safe.
 
 =item fastcwd
 
@@ -87,18 +89,24 @@ Uses the same algorithm as getcwd().  Symbolic links and relative-path
 components ("." and "..") are resolved to return the canonical
 pathname, just like realpath(3).
 
+Taint-safe.
+
 =item realpath
 
   my $abs_path = realpath($file);
 
 A synonym for abs_path().
 
+Taint-safe.
+
 =item fast_abs_path
 
-  my $abs_path = abs_path($file);
+  my $abs_path = fast_abs_path($file);
 
 A more dangerous, but potentially faster version of abs_path.
 
+B<Not> taint-safe.
+
 =back
 
 =head2 $ENV{PWD}
@@ -187,7 +195,10 @@ $pwd_cmd ||= 'pwd';
 
 # The 'natural and safe form' for UNIX (pwd may be setuid root)
 sub _backtick_pwd {
+    local @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
     my $cwd = `$pwd_cmd`;
+    # Belt-and-suspenders in case someone said "undef $/".
+    local $/ = "\n";
     # `pwd` may fail e.g. if the disk is full
     chomp($cwd) if defined $cwd;
     $cwd;
@@ -198,7 +209,9 @@ sub _backtick_pwd {
 
 unless(defined &cwd) {
     # The pwd command is not available in some chroot(2)'ed environments
-    if($^O eq 'MacOS' || grep { -x "$_/pwd" } split(':', $ENV{PATH})) {
+    if( $^O eq 'MacOS' || (defined $ENV{PATH} && 
+                           grep { -x "$_/pwd" } split(':', $ENV{PATH})) ) 
+    {
        *cwd = \&_backtick_pwd;
     }
     else {
@@ -402,9 +415,10 @@ sub fast_abs_path {
     my $cwd = getcwd();
     require File::Spec;
     my $path = @_ ? shift : File::Spec->curdir;
-    CORE::chdir($path) || croak "Cannot chdir to $path:$!";
+    CORE::chdir($path) || croak "Cannot chdir to $path: $!";
     my $realpath = getcwd();
-    CORE::chdir($cwd)  || croak "Cannot chdir back to $cwd:$!";
+    -d $cwd && CORE::chdir($cwd) ||
+       croak "Cannot chdir back to $cwd: $!";
     $realpath;
 }
 
@@ -437,11 +451,13 @@ sub _vms_abs_path {
 sub _os2_cwd {
     $ENV{'PWD'} = `cmd /c cd`;
     chop $ENV{'PWD'};
+    $ENV{'PWD'} =~ s:\\:/:g ;
     return $ENV{'PWD'};
 }
 
 sub _win32_cwd {
     $ENV{'PWD'} = Win32::GetCwd();
+    $ENV{'PWD'} =~ s:\\:/:g ;
     return $ENV{'PWD'};
 }
 
@@ -454,6 +470,7 @@ sub _dos_cwd {
     if (!defined &Dos::GetCwd) {
         $ENV{'PWD'} = `command /c cd`;
         chop $ENV{'PWD'};
+        $ENV{'PWD'} =~ s:\\:/:g ;
     } else {
         $ENV{'PWD'} = Dos::GetCwd();
     }
@@ -461,12 +478,18 @@ sub _dos_cwd {
 }
 
 sub _qnx_cwd {
+       local $ENV{PATH} = '';
+       local $ENV{CDPATH} = '';
+       local $ENV{ENV} = '';
     $ENV{'PWD'} = `/usr/bin/fullpath -t`;
     chop $ENV{'PWD'};
     return $ENV{'PWD'};
 }
 
 sub _qnx_abs_path {
+       local $ENV{PATH} = '';
+       local $ENV{CDPATH} = '';
+       local $ENV{ENV} = '';
     my $path = @_ ? shift : '.';
     my $realpath=`/usr/bin/fullpath -t $path`;
     chop $realpath;