From: Rafael Garcia-Suarez <rgarciasuarez@gmail.com>
Date: Mon, 5 Nov 2001 17:10:29 +0000 (+0100)
Subject: Re: Tainted $ENV{TMPDIR} and File::Spec->tmpdir()
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=b4c5e263c3e0ec8af3615a4049145b94b9d139bd;p=p5sagit%2Fp5-mst-13.2.git

Re: Tainted $ENV{TMPDIR} and File::Spec->tmpdir()
Message-ID: <1004976629.3be6b9f593085@imp3-1.free.fr>

p4raw-id: //depot/perl@12854
---

diff --git a/lib/File/Spec/Unix.pm b/lib/File/Spec/Unix.pm
index fcbe767..32ace3b 100644
--- a/lib/File/Spec/Unix.pm
+++ b/lib/File/Spec/Unix.pm
@@ -3,7 +3,7 @@ package File::Spec::Unix;
 use strict;
 our($VERSION);
 
-$VERSION = '1.3';
+$VERSION = '1.4';
 
 use Cwd;
 
@@ -124,12 +124,20 @@ from the following list or "" if none are writable:
     $ENV{TMPDIR}
     /tmp
 
+Since perl 5.8.0, if running under taint mode, and if $ENV{TMPDIR}
+is tainted, it is not used.
+
 =cut
 
 my $tmpdir;
 sub tmpdir {
     return $tmpdir if defined $tmpdir;
-    foreach ($ENV{TMPDIR}, "/tmp") {
+    my @dirlist = ($ENV{TMPDIR}, "/tmp");
+    if (${"\cTAINT"}) { # Check for taint mode on perl >= 5.8.0
+        require Scalar::Util;
+        shift @dirlist if Scalar::Util::tainted($ENV{TMPDIR});
+    }
+    foreach (@dirlist) {
 	next unless defined && -d && -w _;
 	$tmpdir = $_;
 	last;