X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCwd.pm;h=8b00543e1e9801a51f34472b36cad6f4c3dbfcea;hb=1a95e36d92295cabb6c213a2f397c4cb7614d12c;hp=d85d1ea7dcdda910632f770526e29c0d5f90e581;hpb=926cbafe59ef28067493b902ada7a0be81a77e57;p=p5sagit%2Fp5-mst-13.2.git
diff --git a/lib/Cwd.pm b/lib/Cwd.pm
index d85d1ea..8b00543 100644
--- a/lib/Cwd.pm
+++ b/lib/Cwd.pm
@@ -38,6 +38,8 @@ Returns the current working directory. Re-implements the getcwd(3) (or getwd(3)) functions in Perl.
+Taint-safe.
+
 =item cwd my $cwd = cwd();
@@ -46,7 +48,7 @@ The cwd() is the most natural form for the current architecture. For most systems it is identical to `pwd` (but without the trailing line terminator).
-Unfortunately, cwd() tends to break if called under taint mode.
+Taint-safe.
 =item fastcwd
@@ -87,18 +89,25 @@ Uses the same algorithm as getcwd(). Symbolic links and relative-path components ("." and "..") are resolved to return the canonical pathname, just like realpath(3).
+Taint-safe.
+
 =item realpath my $abs_path = realpath($file); A synonym for abs_path().
+Taint-safe.
+
 =item fast_abs_path my $abs_path = fast_abs_path($file); A more dangerous, but potentially faster version of abs_path.
+This function is B taint-safe : you can't use it in programs
+that work under taint mode.
+
 =back =head2 $ENV{PWD}
@@ -262,9 +271,9 @@ sub fastcwd {
 $path = '/' . join('/', @path);
 if ($^O eq 'apollo') { $path = "/".$path; }
 # At this point $path may be tainted (if tainting) and chdir would fail.
- # To be more useful we untaint it then check that we landed where we started.
- $path = $1 if $path =~ /^(.*)\z/s; # untaint
- CORE::chdir($path) || return undef;
+ # Untaint it then check that we landed where we started.
+ $path =~ /^(.*)\z/s # untaint
+ && CORE::chdir($1) or return undef;
 ($cdev, $cino) = stat('.');
 die "Unstable directory path, current directory changed unexpectedly"
 if $cdev != $orig_cdev || $cino != $orig_cino;
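Review bot: In the fastcwd hunk, the pattern in `$path =~ /^(.*)\z/s` matches any string, so `CORE::chdir($1)` receives an unvalidated path with the taint flag cleared; the only real check is the device/inode comparison on the lines after it, and that runs once the directory has already changed. The shortened comment drops that reasoning, so I would spell it out: `# Blanket untaint, nothing is validated here; the stat() comparison below is the real check.` Unlike the removed line, the new code no longer copies `$1` back into `$path`, so `$path` stays tainted; if fastcwd returns `$path` (the end of the sub is outside this hunk), the POD for fastcwd should say the result is tainted under -T.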
@@ -409,13 +418,7 @@ sub fast_abs_path {
 my $path = @_ ? shift : File::Spec->curdir;
 CORE::chdir($path) || croak "Cannot chdir to $path: $!";
 my $realpath = getcwd();
- # I cannot think of an untainting regular expression
- # that wouldn't also (a) be unportable (b) disqualify valid pathnames
- # so just untainting all of it here and relying on -d and CORE::chdir
- # to verify the validity.
- # --jhi
- my ($cwd_untainted) = ($cwd =~ /^(.+)$/);
- -d $cwd_untainted && CORE::chdir($cwd_untainted) ||
+ -d $cwd && CORE::chdir($cwd) ||
 croak "Cannot chdir back to $cwd: $!";
 $realpath;
 }
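Review bot: With the untaint step removed, `CORE::chdir($cwd)` will presumably die on Perl's taint check under -T (the assignment of `$cwd` is above this hunk, so this is inferred), and it does so after `CORE::chdir($path)` has already moved the process, leaving the caller in a different working directory with a taint exception instead of the `Cannot chdir back` message. The deleted comment block was the only explanation near this code, so the new line should carry one: `# $cwd is deliberately left tainted; under -T this chdir dies and the cwd is not restored.` Separately, the `-d $cwd &&` test is a check-then-use that chdir itself already performs, and when only `-d` fails `$!` in the croak text may not describe the reason.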