Fixed up INC untaint procedure to skip/ignore CODE, ARRAY, blessed entries.

Include test in xt/ for the above

git-svn-id: http://dev.catalyst.perl.org/repos/bast/local-lib/1.000/trunk@6654 bd8105ee-0ff8-0310-8827-fb3f25b6796d

diff --git a/Changes b/Changes
index d6b020b..24ebc3d 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,8 @@
 Revision history for local::lib
 
+        - Fixed up INC untaint procedure to skip/ignore CODE, ARRAY, blessed entries.
+        - Include test in xt/ for the above
+
         - Put PERL5LIB first, so it'll be favored over privlibexp and
           archlibexp when self contained.
         - Automatically untaint @INC

diff --git a/lib/local/lib.pm b/lib/local/lib.pm
index 1f7a33a..6cd40b2 100644 (file)
--- a/lib/local/lib.pm
+++ b/lib/local/lib.pm
@@ -50,7 +50,10 @@ DEATH
       die "unrecognized import argument: $flag";
   }
 
-  m/(.*)/ and $_ = $1 for @INC; # Untaint @INC
+  for (@INC) { # Untaint @INC
+    next if ref; # Skip entry if it is an ARRAY, CODE, blessed, etc.
+    m/(.*)/ and $_ = $1;
+  }
 }
 
 sub pipeline;

diff --git a/xt/subroutine-in-inc.t b/xt/subroutine-in-inc.t
new file mode 100644 (file)
index 0000000..9186a80
--- /dev/null
+++ b/xt/subroutine-in-inc.t
@@ -0,0 +1,26 @@
+#!/usr/bin/perl -w
+
+use Test::More;
+
+plan qw/no_plan/;
+
+use File::Spec;
+use Cwd;
+use File::Temp qw/ tempdir /;
+my $dir = tempdir( DIR => Cwd::abs_path('t'), CLEANUP => 1 );
+my $base;
+
+sub CODE_in_INC() {
+    return scalar grep { ref eq 'CODE' } @INC;
+}
+
+BEGIN {
+    $base = CODE_in_INC;
+    unshift @INC, sub { };
+    splice @INC, 3, 1, sub { };
+    push @INC, sub { };
+}
+
+use local::lib( $dir );
+
+is( CODE_in_INC, $base + 3 );