detaint version, if needed (RT#88576, Chris Williams)

[p5sagit/Module-Metadata.git] / lib / Module / Metadata.pm

diff --git a/lib/Module/Metadata.pm b/lib/Module/Metadata.pm
index 29a5024..969d67c 100644 (file)
--- a/lib/Module/Metadata.pm
+++ b/lib/Module/Metadata.pm
@@ -12,8 +12,7 @@ package Module::Metadata;
 use strict;
 use warnings;
 
-use vars qw($VERSION);
-$VERSION = '1.000016';
+our $VERSION = '1.000016';
 $VERSION = eval $VERSION;
 
 use Carp qw/croak/;
@@ -651,7 +650,7 @@ sub _evaluate_version_line {
   # compiletime/runtime issues with local()
   my $vsub;
   $pn++; # everybody gets their own package
-  my $eval = qq{BEGIN { q#  Hide from _packages_inside()
+  my $eval = qq{BEGIN { my \$dummy = q#  Hide from _packages_inside()
     #; package Module::Metadata::_version::p$pn;
     use version;
     no strict;
@@ -664,6 +663,8 @@ sub _evaluate_version_line {
       };
   }};
 
+  $eval = $1 if $eval =~ m{^(.+)}s;
+
   local $^W;
   # Try to get the $VERSION
   eval $eval;