| Subject: | URI::file->cwd does not work under taint mode |
URI::file->cwd breaks under taint mode. The problem is the C<eval "require $class"> line in os_class(). $class is tainted by $^O. $^O appears to be tainted inside Cwd by the condition around lines 331-333. This may be a MacOS specific thing as Cwd chooses _backtick_cwd().
This is using the latest Cwd (3.04).
I realize this is a Cwd bug but I figured you'd like to know to work around it.
Attached is a patch which turns on tainting for the -T tests as well as tests that URI::file->cwd works in taint mode. The second currently fails for me. It comes with a gallon of Test::More kool-aid but avoids a dependency by shipping TM with the module in a way that it is not indexed.
Message body is not shown because it is too large.