From: Steffen Mueller <unknown>
Date: Mon, 28 Jan 2008 05:16:19 +0000 (-0800)
Subject: Re: [perl #50322] CGITempFile causes "Insecure dependency in sprintf" in perl 5.10.0
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=af20bb8057137141992add1089555f24d545d8bb;p=p5sagit%2Fp5-mst-13.2.git

Re: [perl #50322] CGITempFile causes "Insecure dependency in sprintf" in perl 5.10.0
From: "Steffen Mueller via RT" <perlbug-followup@perl.org>
Message-ID: <rt-3.6.HEAD-4355-1201526176-323.50322-94-0@perl.org>

Fixes [perl #50322]

p4raw-id: //depot/perl@33143
---

diff --git a/lib/CGI.pm b/lib/CGI.pm
index a66f60d..11b10a7 100644
--- a/lib/CGI.pm
+++ b/lib/CGI.pm
@@ -19,7 +19,7 @@ use Carp 'croak';
 #   http://stein.cshl.org/WWW/software/CGI/
 
 $CGI::revision = '$Id: CGI.pm,v 1.240 2007/11/30 18:58:27 lstein Exp $';
-$CGI::VERSION='3.33_02';
+$CGI::VERSION='3.33_03';
 $CGI::VERSION=eval $CGI::VERSION;
 
 
@@ -4048,7 +4048,7 @@ sub new {
     my $filename;
     find_tempdir() unless -w $TMPDIRECTORY;
     for (my $i = 0; $i < $MAXTRIES; $i++) {
-	last if ! -f ($filename = sprintf("${TMPDIRECTORY}${SL}CGItemp%d",$sequence++));
+	last if ! -f ($filename = sprintf("\%s${SL}CGItemp%d",$TMPDIRECTORY,$sequence++));
     }
     # check that it is a more-or-less valid filename
     return unless $filename =~ m!^([a-zA-Z0-9_\+ \'\":/.\$\\-]+)$!;