Changed DBIC::Schema->load_classes to be taint-safe even when Module::Find is used...
[dbsrgits/DBIx-Class.git] / lib / DBIx / Class / Schema.pm
index aaf8e9f..8f8d846 100644 (file)
@@ -269,6 +269,13 @@ sub load_classes {
     foreach my $prefix (keys %comps_for) {
       foreach my $comp (@{$comps_for{$prefix}||[]}) {
         my $comp_class = "${prefix}::${comp}";
+        { # try to untaint module name. mods where this fails
+          # are left alone so we don't have to change the old behavior
+          no locale; # localized \w doesn't untaint expression
+          if ( $comp_class =~ m/^( (?:\w+::)* \w+ )$/x ) {
+            $comp_class = $1;
+          }
+        }
         $class->ensure_class_loaded($comp_class);
         $comp_class->source_name($comp) unless $comp_class->source_name;
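Review bot: The untaint pattern on the added `if` line anchors with `^` and `$`, and `$` also matches just before a trailing newline, so a name ending in a newline passes the check and is silently replaced by the captured part rather than being "left alone" as the comment says. Anchoring with `\A` and `\z` makes the whitelist exact: `if ( $comp_class =~ m/\A( (?:\w+::)* \w+ )\z/x ) {`. Separately, `\w` can match non-ASCII word characters when the string is a character string, so if only ASCII package names are meant to be laundered, an explicit `[A-Za-z0-9_]` class would state that; this is a judgment call that depends on which names Module::Find can return. It would also help to extend the comment to say that names failing the pattern stay tainted and reach `ensure_class_loaded` unchanged, so a failure under `-T` is expected there. The enclosing loops and `load_classes` itself start and end outside this hunk.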