ignore PERL_XMLDUMP when tainting

In theory this is a security issue, but from discussion on the
security list that the system perl (or the perl used for anything
critical) is wildly unlikely to have been built with -Dmad.

1 files changed, 46 insertions, 0 deletions

diff --git a/t/run/mad.t b/t/run/mad.t
new file mode 100644
index 0000000000..3c78df86dc
--- /dev/null
+++ b/t/run/mad.t
@@ -0,0 +1,46 @@
+#!./perl
+#
+# Tests for Perl mad environment
+#
+# $PERL_XMLDUMP
+
+BEGIN {
+    chdir 't' if -d 't';
+    @INC = '../lib';
+    require Config; import Config;
+    require './test.pl';
+    skip_all_without_config('mad');
+}
+
+use File::Path;
+
+my $tempdir = tempfile;
+
+mkdir $tempdir, 0700 or die "Can't mkdir '$tempdir': $!";
+chdir $tempdir or die die "Can't chdir '$tempdir': $!";
+unshift @INC, '../../lib';
+my $cleanup = 1;
+
+END {
+    if ($cleanup) {
+	chdir '..' or die "Couldn't chdir .. for cleanup: $!";
+	rmtree($tempdir);
+    }
+}
+
+plan tests => 4;
+
+{
+    local %ENV = %ENV;
+    $ENV{PERL_XMLDUMP} = "withoutT.xml";
+    fresh_perl_is('print q/hello/', '', {}, 'mad without -T');
+    ok(-f "withoutT.xml", "xml file created without -T as expected");
+}
+
+{
+    local %ENV = %ENV;
+    $ENV{PERL_XMLDUMP} = "withT.xml";
+    fresh_perl_is('print q/hello/', 'hello', { switches => [ "-T" ] },
+		  'mad with -T');
+    ok(!-e "withT.xml", "no xml file created with -T as expected");
+}