From: Curtis Poe Date: Tue, 21 May 2002 11:17:40 +0000 (-0700) Subject: Re: [Patch] for problem with shellwords.pl X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=86a5040c5a91f7c3b776b243300d5415c6c58021;p=p5sagit%2Fp5-mst-13.2.git Re: [Patch] for problem with shellwords.pl From: "Curtis Poe" Date: Tue, 21 May 2002 11:17:40 -0700 Message-ID: <015c01c200f3$cb691670$1a01a8c0@ot.onsitetech.com> Subject: [Patch] for security problem with Text::ParseWords From: "Curtis Poe" Date: Tue, 21 May 2002 15:10:18 -0700 Message-ID: <022f01c20114$4b3c4550$1a01a8c0@ot.onsitetech.com> p4raw-id: //depot/perl@16727
---
diff --git a/lib/Text/ParseWords.pm b/lib/Text/ParseWords.pm
index e370f6f..6949c45 100644
--- a/lib/Text/ParseWords.pm
+++ b/lib/Text/ParseWords.pm
@@ -50,6 +50,7 @@ sub nested_quotewords {
 sub parse_line {
 # We will be testing undef strings
 no warnings;
+ use re 'taint'; # if it's tainted, leave it as such
 my($delimiter, $keep, $line) = @_;
 my($quote, $quoted, $unquoted, $delim, $word, @pieces);
diff --git a/lib/shellwords.pl b/lib/shellwords.pl
index 1c45a5a..ca7dc7e 100644
--- a/lib/shellwords.pl
+++ b/lib/shellwords.pl
@@ -17,6 +17,7 @@ sub shellwords {
 while ($_ ne '') {
 $field = '';
 for (;;) {
+ use re 'taint'; # leave strings tainted
 if (s/^"(([^"\\]|\\.)*)"//) {
 ($snippet = $1) =~ s#\\(.)#$1#g;
 }
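Review bot: The `use re 'taint';` added at the top of parse_line is lexically scoped to that sub, so any other routine in lib/Text/ParseWords.pm that builds its result from regex captures (none are visible in this hunk) would still hand back untainted words for tainted input and would need the same pragma. The trailing comment would help more if it gave the reason, for example `use re 'taint'; # regex captures normally untaint; keep words from a tainted $line tainted`. The commit also adds no regression test. A check run under `-T` that the words returned for a tainted line are still tainted would pin the behaviour. parse_line's body continues past the end of the hunk.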
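Review bot: Placing `use re 'taint';` inside the `for (;;)` body in lib/shellwords.pl makes the pragma easy to overlook, and any capturing regex outside that block (the rest of shellwords is not visible in this hunk) would still untaint its captures. The pragma is compile-time and lexically scoped, so declaring it once at the top of `sub shellwords` costs nothing at run time and covers every capture that feeds `$snippet` and `$field`. The comment could also say why it matters, for example `# captures would otherwise untaint $snippet`. The sub starts before this hunk and the loop continues after it.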