Taint doesn't work ... we need to fix that. The problem is the insecure open() provid...
rkinyon [Fri, 17 Feb 2006 03:01:29 +0000 (03:01 +0000)]
lib/DBM/Deep.pm
t/01_basic.t

index b1c862f..7f1e55a 100644 (file)
@@ -231,6 +231,9 @@ sub DESTROY {
        }
 }
 
+sub is_tainted {
+        return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
+    }
 sub _open {
        ##
        # Open a FileHandle to the database, create if nonexistent.
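Review bot: `is_tainted` is added without a comment and nothing in the visible hunks calls it, so the file name still reaches `FileHandle->new` in `_open` unchecked. The nested `eval` also overwrites the caller's `$@`; making `local $@;` the first statement of the sub avoids that. A one-line comment such as `# True if any argument is tainted (perlsec idiom); always false when taint mode is off.` would explain the string `eval`, which otherwise looks like a mistake. The other subs here are called as methods, so a leading underscore (`_is_tainted`) would mark this one as an internal helper, and its closing brace should sit at the same column as `sub`.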
@@ -240,13 +243,14 @@ sub _open {
 
        if (defined($self->fh)) { $self->_close(); }
        
-       if (!(-e $self->root->{file}) && $self->root->{mode} eq 'r+') {
-               my $temp = FileHandle->new( $self->root->{file}, 'w' );
-               undef $temp;
-       }
+#    eval {
+        if (!(-e $self->root->{file}) && $self->root->{mode} eq 'r+') {
+            my $temp = FileHandle->new( $self->root->{file}, 'w' );
+        }
        
-    #XXX Convert to set_fh()
-       $self->root->{fh} = FileHandle->new( $self->root->{file}, $self->root->{mode} );
+        #XXX Convert to set_fh()
+        $self->root->{fh} = FileHandle->new( $self->root->{file}, $self->root->{mode} );
+#    }; if ($@ ) { $self->_throw_error( "Received error: $@\n" ); }
        if (! defined($self->fh)) {
                return $self->_throw_error("Cannot open file: " . $self->root->{file} . ": $!");
        }
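Review bot: The `eval { … }` wrapper around the two `FileHandle->new` calls is left commented out, so a taint failure (Perl dies with an "Insecure dependency" error when a tainted name is opened for writing under -T) leaves `_open` as a raw exception instead of going through `_throw_error` like the `Cannot open file` path below it. Either enable the wrapper in a form that does not rely on a stale `$@`, e.g. `my $ok = eval { ...; 1 };` followed by `return $self->_throw_error("Received error: $@") if !$ok;`, or delete the commented lines and document that `_open` can die. Separately, the `-e` test followed by a `'w'` open is check-then-create: a file that appears between the two calls is truncated, and the result of that first `FileHandle->new` is never checked. `_open` starts before this hunk and continues past it.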
index 1c17a4d..f92d83b 100644 (file)
@@ -12,7 +12,7 @@ use_ok( 'DBM::Deep' );
 unlink "t/test.db";
 my $db = eval { DBM::Deep->new( "t/test.db" ) };
 if ( DBM::Deep::error( $db ) || !$db ) {
-       diag "ERROR: " . (DBM::Deep::error($db) || "UNKNOWN\n");
+       diag "ERROR: " . (DBM::Deep::error($db) || $@ || "UNKNOWN\n");
     Test::More->builder->BAIL_OUT( "Opening a new file fails" );
 }