projects / p5sagit/p5-mst-13.2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (parent: d3632a5)
cwd() taint safe (was Re: [PATCH lib/Cwd.pm ext/Cwd/Makefile.PL] Full doc cleanup...
Michael G. Schwern [Tue, 4 Sep 2001 17:39:13 +0000 (13:39 -0400)]
Message-ID: <20010904173913.C626@blackrider>

p4raw-id: //depot/perl@11879

lib/Cwd.pm patch | blob | blame | history

diff --git a/lib/Cwd.pm b/lib/Cwd.pm
index 3c5c50a..37217fa 100644 (file)
--- a/lib/Cwd.pm
+++ b/lib/Cwd.pm
@@ -131,10 +131,22 @@ eval {
     XSLoader::load('Cwd');
 };
 
-# The 'natural and safe form' for UNIX (pwd may be setuid root)
 
+# Find the pwd command in the expected locations.  We assume these
+# are safe.  This prevents _backtick_pwd() consulting $ENV{PATH}
+# so everything works under taint mode.
+my $pwd_cmd;
+foreach my $try (qw(/bin/pwd /usr/bin/pwd)) {
+    if( -x $try ) {
+        $pwd_cmd = $try;
+        last;
+    }
+}
+$pwd_cmd ||= 'pwd';
+
+# The 'natural and safe form' for UNIX (pwd may be setuid root)
 sub _backtick_pwd {
-    my $cwd = `pwd`;
+    my $cwd = `$pwd_cmd`;
     # `pwd` may fail e.g. if the disk is full
     chomp($cwd) if defined $cwd;
     $cwd;
Unnamed repository; edit this file to name it for gitweb.