author | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2016-07-28 15:43:19 +0100 |
---|---|---|
committer | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2016-07-28 17:02:33 +0100 |
commit | 1279d9234c7e7c0c0cc4d980396201696bace825 (patch) | |
tree | b34c04a29093a90aa611ed66594202bbe3182ac2 /cpan/Module-Load-Conditional | |
parent | 38ab612acfe3528276f4a4e63c523d193ea047b8 (diff) | |
download | perl-1279d9234c7e7c0c0cc4d980396201696bace825.tar.gz |
Update Module-Load-Conditional to CPAN version 0.66
[DELTA]
0.66 Wed Jul 27 08:22:53 BST 2016
* Add FORCE_SAFE_INC option to fix CVE-2016-1238
Diffstat (limited to 'cpan/Module-Load-Conditional')
-rw-r--r-- | cpan/Module-Load-Conditional/lib/Module/Load/Conditional.pm | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/cpan/Module-Load-Conditional/lib/Module/Load/Conditional.pm b/cpan/Module-Load-Conditional/lib/Module/Load/Conditional.pm
index ace55ad845..592bfbb073 100644
--- a/cpan/Module-Load-Conditional/lib/Module/Load/Conditional.pm
+++ b/cpan/Module-Load-Conditional/lib/Module/Load/Conditional.pm
@@ -19,14 +19,15 @@ use constant QUOTE => do { ON_WIN32 ? q["] : q['] }; BEGIN { use vars qw[ $VERSION @ISA $VERBOSE $CACHE @EXPORT_OK $DEPRECATED - $FIND_VERSION $ERROR $CHECK_INC_HASH]; + $FIND_VERSION $ERROR $CHECK_INC_HASH $FORCE_SAFE_INC ]; use Exporter; @ISA = qw[Exporter]; - $VERSION = '0.64'; + $VERSION = '0.66'; $VERBOSE = 0; $DEPRECATED = 0; $FIND_VERSION = 1; $CHECK_INC_HASH = 0; + $FORCE_SAFE_INC = 0; @EXPORT_OK = qw[check_install can_load requires]; }
@@ -201,6 +202,9 @@ sub check_install { ### so scan the dirs unless( $filename ) { + local @INC = @INC; + pop @INC if $FORCE_SAFE_INC && $INC[-1] eq '.'; + DIR: for my $dir ( @INC ) { my $fh;
@@ -307,6 +311,8 @@ sub check_install { } if ( $DEPRECATED and "$]" >= 5.011 ) { + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; require Module::CoreList; require Config;
@@ -444,6 +450,9 @@ sub can_load { if ( $CACHE->{$mod}->{uptodate} ) { + local @INC = @INC; + pop @INC if $FORCE_SAFE_INC && $INC[-1] eq '.'; + if ( $args->{autoload} ) { my $who = (caller())[0]; eval { autoload_remote $who, $mod };
@@ -509,6 +518,9 @@ sub requires { return undef; } + local @INC = @INC; + pop @INC if $FORCE_SAFE_INC && $INC[-1] eq '.'; + my $lib = join " ", map { qq["-I$_"] } @INC; my $oneliner = 'print(join(qq[\n],map{qq[BONG=$_]}keys(%INC)),qq[\n])'; my $cmd = join '', qq["$^X" $lib -M$who -e], QUOTE, $oneliner, QUOTE;
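Review bot: In check_install's directory scan (hunk `@@ -201,6 +202,9 @@`), the guard `$INC[-1] eq '.'` is evaluated without checking that `@INC` has any entries, so an empty `@INC` compares undef against '.' and would emit an uninitialized-value warning if warnings are enabled (the file's pragma lines are not visible here). The line could read `pop @INC if $FORCE_SAFE_INC && @INC && $INC[-1] eq '.';`. The same comparison is added in the `$DEPRECATED` branch and in the can_load and requires hunks. Only a literal trailing '.' is matched, so a '.' that sits earlier in `@INC` or is spelled `./` is still scanned; a one-line comment saying this is intended would help the next reader. check_install's body continues outside the hunk.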
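Review bot: In the `$DEPRECATED` branch of check_install (hunk `@@ -307,6 +311,8 @@`), `pop @INC if $INC[-1] eq '.';` ignores `$FORCE_SAFE_INC`, unlike the other three sites this commit adds. This looks deliberate, since the two `require` calls that follow load the module's own helpers rather than a caller-requested module, but nothing in the code says so. I would add a comment above it such as `### always drop a trailing '.' for our own requires, regardless of $FORCE_SAFE_INC`. The `local` stays in effect until the enclosing block ends, which is outside the hunk.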
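Review bot: In requires (hunk `@@ -509,6 +518,9 @@`), popping '.' only changes the `-I` list handed to the child interpreter that `$cmd` starts with `"$^X" $lib -M$who -e`. The child builds its own default `@INC`, which on a perl compiled with '.' in `@INC` presumably still ends in '.', so `-M$who` and its dependencies may still resolve from the working directory even with `$FORCE_SAFE_INC` set. If that limitation is accepted, state it here, e.g. `### NOTE: the child perl may still append its own default '.' to @INC`, and in the POD. Separately, the context line `qq["-I$_"]` puts each `@INC` entry unescaped inside a double-quoted argument; that predates this commit and only matters if `$cmd` is run through a shell (not visible here), but it is worth a follow-up. The function continues outside the hunk.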
@@ -562,6 +574,12 @@ you. The default is 0; +=head2 $Module::Load::Conditional::FORCE_SAFE_INC + +This controls whether C<Module::Load::Conditional> sanitises C<@INC> +by removing "C<.>". The current default setting is C<0>, but this +may change in a future release. + =head2 $Module::Load::Conditional::CACHE This holds the cache of the C<can_load> function. If you explicitly |
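Review bot: The new POD for `$FORCE_SAFE_INC` says the module sanitises `@INC` "by removing '.'", which overstates what the code in this commit does: it pops '.' only when it is the last entry, on a localised copy, and only inside check_install, can_load and requires. With the default of 0 those three still search the current directory, so a caller that runs from a directory others can write to has to opt in. Suggested wording: `by removing a trailing "C<.>" from a localised copy of C<@INC> while it searches for or loads modules`, followed by a sentence recommending `$Module::Load::Conditional::FORCE_SAFE_INC = 1` for such callers.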