From: rkinyon
Date: Fri, 17 Feb 2006 03:01:29 +0000 (+0000)
Subject: Taint doesn't work ... we need to fix that. The problem is the insecure open() provid...
X-Git-Tag: 0-97~56
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=dd73115f3ba372118c87b1b9fae349541d3080c1;p=dbsrgits%2FDBM-Deep.git

Taint doesn't work ... we need to fix that. The problem is the insecure open() provided by FileHandle ...
---

diff --git a/lib/DBM/Deep.pm b/lib/DBM/Deep.pm
index b1c862f..7f1e55a 100644
--- a/lib/DBM/Deep.pm
+++ b/lib/DBM/Deep.pm
@@ -231,6 +231,9 @@ sub DESTROY {
 }
 }
+sub is_tainted {
+ return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
+ }
 sub _open {
 ##
 # Open a FileHandle to the database, create if nonexistent.
@@ -240,13 +243,14 @@ sub _open {
 if (defined($self->fh)) { $self->_close(); }
- if (!(-e $self->root->{file}) && $self->root->{mode} eq 'r+') {
- my $temp = FileHandle->new( $self->root->{file}, 'w' );
- undef $temp;
- }
+# eval {
+ if (!(-e $self->root->{file}) && $self->root->{mode} eq 'r+') {
+ my $temp = FileHandle->new( $self->root->{file}, 'w' );
+ }
- #XXX Convert to set_fh()
- $self->root->{fh} = FileHandle->new( $self->root->{file}, $self->root->{mode} );
+ #XXX Convert to set_fh()
+ $self->root->{fh} = FileHandle->new( $self->root->{file}, $self->root->{mode} );
+# }; if ($@ ) { $self->_throw_error( "Received error: $@\n" ); }
 if (! defined($self->fh)) {
 return $self->_throw_error("Cannot open file: " . $self->root->{file} . ": $!");
 }
diff --git a/t/01_basic.t b/t/01_basic.t
index 1c17a4d..f92d83b 100644
--- a/t/01_basic.t
+++ b/t/01_basic.t
@@ -12,7 +12,7 @@ use_ok( 'DBM::Deep' );
 unlink "t/test.db";
 my $db = eval { DBM::Deep->new( "t/test.db" ) };
 if ( DBM::Deep::error( $db ) || !$db ) {
- diag "ERROR: " . (DBM::Deep::error($db) || "UNKNOWN\n");
+ diag "ERROR: " . (DBM::Deep::error($db) || $@ || "UNKNOWN\n");
 Test::More->builder->BAIL_OUT( "Opening a new file fails" );
 }
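Review bot: The new `is_tainted` sub in the first hunk of lib/DBM/Deep.pm has no comment, and a nested string `eval` is exactly what a later security audit will flag. A header comment should say that this is the taint-check idiom from perlsec: the zero-length `substr` yields an empty string that is still tainted when any argument is, the only text ever evaluated is the `#` comment, and under `-T` the inner `eval` dies so the sub returns true. Nothing visible in this diff calls it yet, and its name lacks the `_` prefix that `_open` and `_close` use, so it reads as public API. If Scalar::Util is an acceptable dependency, `Scalar::Util::tainted($value)` performs the same check without the idiom.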
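Review bot: In the `_open` hunk the `eval {` / `};` wrapper and the `if ($@ )` check are all commented out, so both `FileHandle->new( $self->root->{file}, ... )` calls run as before and the taint failure named in the commit message is still unhandled. The create step also remains check-then-create: `-e` is tested first and the file is then opened with `'w'`, which truncates, so a file that appears between the two steps would be emptied (whether callers can race here is not visible on this page). A single `sysopen( my $fh, $self->root->{file}, O_RDWR | O_CREAT )` with `use Fcntl qw( O_RDWR O_CREAT );` would create the file if missing without truncating it and would not go through FileHandle's open at all; other `mode` values would need their own flags. `_open` starts and ends outside this hunk.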
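Review bot: In t/01_basic.t, `$@` is read only after `DBM::Deep::error( $db )` has been called twice since the `eval`, once in the `if` condition and once inside the `diag` expression. If that call, or anything it invokes, runs an `eval` of its own, the original message is lost; whether it does is not visible here. Capturing the error immediately keeps the diagnostic reliable: `my $db = eval { DBM::Deep->new( "t/test.db" ) }; my $err = $@;` and then `(DBM::Deep::error($db) || $err || "UNKNOWN\n")`.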