From: grink Date: Fri, 12 Jun 2009 23:54:57 +0000 (+0000) Subject: Fixed up INC untaint procedure to skip/ignore CODE, ARRAY, blessed entries. X-Git-Tag: 1.006009~73 X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit%2Flocal-lib.git;a=commitdiff_plain;h=6e5079df2185e33ef2b81de51f3c51ae26d1773d Fixed up INC untaint procedure to skip/ignore CODE, ARRAY, blessed entries. Include test in xt/ for the above git-svn-id: http://dev.catalyst.perl.org/repos/bast/local-lib/1.000/trunk@6654 bd8105ee-0ff8-0310-8827-fb3f25b6796d --- diff --git a/Changes b/Changes index d6b020b..24ebc3d 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,8 @@ Revision history for local::lib + - Fixed up INC untaint procedure to skip/ignore CODE, ARRAY, blessed entries. + - Include test in xt/ for the above + - Put PERL5LIB first, so it'll be favored over privlibexp and archlibexp when self contained. - Automatically untaint @INC diff --git a/lib/local/lib.pm b/lib/local/lib.pm index 1f7a33a..6cd40b2 100644 --- a/lib/local/lib.pm +++ b/lib/local/lib.pm @@ -50,7 +50,10 @@ DEATH die "unrecognized import argument: $flag"; } - m/(.*)/ and $_ = $1 for @INC; # Untaint @INC + for (@INC) { # Untaint @INC + next if ref; # Skip entry if it is an ARRAY, CODE, blessed, etc. + m/(.*)/ and $_ = $1; + } } sub pipeline; diff --git a/xt/subroutine-in-inc.t b/xt/subroutine-in-inc.t new file mode 100644 index 0000000..9186a80 --- /dev/null +++ b/xt/subroutine-in-inc.t @@ -0,0 +1,26 @@ +#!/usr/bin/perl -w + +use Test::More; + +plan qw/no_plan/; + +use File::Spec; +use Cwd; +use File::Temp qw/ tempdir /; +my $dir = tempdir( DIR => Cwd::abs_path('t'), CLEANUP => 1 ); +my $base; + +sub CODE_in_INC() { + return scalar grep { ref eq 'CODE' } @INC; +} + +BEGIN { + $base = CODE_in_INC; + unshift @INC, sub { }; + splice @INC, 3, 1, sub { }; + push @INC, sub { }; +} + +use local::lib( $dir ); + +is( CODE_in_INC, $base + 3 );