From: Nicholas Clark <nick@ccl4.org>
Date: Mon, 27 Feb 2006 16:13:05 +0000 (+0000)
Subject: Move all the de-tainting logic for runperl into test.pl.
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=613de57f1df271b4819b04c5522a963f3b1f0f50;p=p5sagit%2Fp5-mst-13.2.git

Move all the de-tainting logic for runperl into test.pl.

p4raw-id: //depot/perl@27345
---

diff --git a/t/op/utftaint.t b/t/op/utftaint.t
index ab2a06d..d6e900d 100644
--- a/t/op/utftaint.t
+++ b/t/op/utftaint.t
@@ -144,9 +144,6 @@ for my $ary ([ascii => 'perl'], [latin1 => "\xB6"]) {
 }
 
 {
-    my @keys = qw(CDPATH IFS ENV BASH_ENV);
-    push @keys, qw(PATH) unless $^O eq 'MSWin32';
-    local @ENV{@keys} = (undef) x scalar(@keys);
     fresh_perl_is('$a = substr $^X, 0, 0; /\x{100}/i; /$a\x{100}/i || print q,ok,',
 		  'ok', {switches => ["-T", "-l"]},
 		  "matching a regexp is taint agnostic");
diff --git a/t/test.pl b/t/test.pl
index 4e00816..c3e01e8 100644
--- a/t/test.pl
+++ b/t/test.pl
@@ -481,16 +481,36 @@ sub runperl {
     die "test.pl:runperl() does not take a hashref"
 	if ref $_[0] and ref $_[0] eq 'HASH';
     my $runperl = &_create_runperl;
+    my $result;
+
     if (${^TAINT}) {
-	# We will assume that if you're running under -T, you really mean
-	# to run a fresh perl, so we'll brute force launder everything for
-	# you
-	foreach ($runperl, $ENV{PATH}) {
-	    $_ =~ /(.*)/s;
-	    $_ = $1;
+	# We will assume that if you're running under -T, you really mean to
+	# run a fresh perl, so we'll brute force launder everything for you
+	my $sep;
+
+	eval "require Config; Config->import";
+	if ($@) {
+	    warn "test.pl had problems loading Config: $@";
+	    $sep = ':';
+	} else {
+	    $sep = $Config{path_sep};
 	}
+
+	my @keys = grep {exists $ENV{$_}} qw(CDPATH IFS ENV BASH_ENV);
+	local @ENV{@keys} = ();
+	# Untaint, plus take out . and empty string:
+	$ENV{PATH} =~ /(.*)/s;
+	local $ENV{PATH}
+	    = join $sep, grep {$_ ne "" and $_ ne "."}
+		split quotemeta ($sep), $1;
+
+	$runperl =~ /(.*)/s;
+	$runperl = $1;
+
+	$result = `$runperl`;
+    } else {
+	$result = `$runperl`;
     }
-    my $result = `$runperl`;
     $result =~ s/\n\n/\n/ if $is_vms; # XXX pipes sometimes double these
     return $result;
 }