Stas' tainting worries, obscured by me.

p4raw-id: //depot/perl@15950
author: Jarkko Hietaniemi <jhi@iki.fi> 2002-04-16 13:36:30 +0000
committer: Jarkko Hietaniemi <jhi@iki.fi> 2002-04-16 13:36:30 +0000
commit: 926cbafe59ef28067493b902ada7a0be81a77e57 (patch)
tree: d71be45e833b28d28ecec336cd9660780012b978 /lib/Cwd.pm
parent: fe30b7f462c3fd9dd4006057fb687b35590b7378 (diff)
download: perl-926cbafe59ef28067493b902ada7a0be81a77e57.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/Cwd.pm b/lib/Cwd.pm
index 6f3cb7c935..d85d1ea7dc 100644
--- a/lib/Cwd.pm
+++ b/lib/Cwd.pm
@@ -407,9 +407,16 @@ sub fast_abs_path {
     my $cwd = getcwd();
     require File::Spec;
     my $path = @_ ? shift : File::Spec->curdir;
-    CORE::chdir($path) || croak "Cannot chdir to $path:$!";
+    CORE::chdir($path) || croak "Cannot chdir to $path: $!";
     my $realpath = getcwd();
-    CORE::chdir($cwd)  || croak "Cannot chdir back to $cwd:$!";
+    # I cannot think of an untainting regular expression 
+    # that wouldn't also (a) be unportable (b) disqualify valid pathnames
+    # so just untainting all of it here and relying on -d and CORE::chdir
+    # to verify the validity.
+    # --jhi
+    my ($cwd_untainted) = ($cwd =~ /^(.+)$/);
+    -d $cwd_untainted && CORE::chdir($cwd_untainted) ||
+	croak "Cannot chdir back to $cwd: $!";
     $realpath;
 }
author	Jarkko Hietaniemi <jhi@iki.fi>	2002-04-16 13:36:30 +0000
committer	Jarkko Hietaniemi <jhi@iki.fi>	2002-04-16 13:36:30 +0000
commit	926cbafe59ef28067493b902ada7a0be81a77e57 (patch)
tree	d71be45e833b28d28ecec336cd9660780012b978 /lib/Cwd.pm
parent	fe30b7f462c3fd9dd4006057fb687b35590b7378 (diff)
download	perl-926cbafe59ef28067493b902ada7a0be81a77e57.tar.gz