Subject: | Split with capture risks parsing unintended file |
Date: | Sat, 4 Jul 2020 20:37:57 -0400 |
To: | bug-Term-Cap [...] rt.cpan.org |
From: | David Farrell <davidnmfarrell [...] gmail.com> |
Term::Cap version 1.17
The termcap_path subroutine uses split with a capture on the colon or space
delimited files in $ENV{TERMPATH}.
This includes the separator in the split output. These elements are usually
removed by the last line of the subroutine:
return grep { defined $_ && -f $_ } @termcap_path;
However if a colon-delimited TERMPATH was provided and the file ":" exists,
Term::Cap will attempt to parse it.
This (low) risk can be avoided, and the code made more efficient by not
using a capture in the split:
diff --git a/cpan/Term-Cap/Cap.pm b/cpan/Term-Cap/Cap.pm
index 12d8299a3a..12395815b2 100644
--- a/cpan/Term-Cap/Cap.pm
+++ b/cpan/Term-Cap/Cap.pm
@@ -91,7 +91,7 @@ sub termcap_path
{
# Add the users $TERMPATH
- push( @termcap_path, split( /(:|\s+)/, $ENV{TERMPATH} ) );
+ push( @termcap_path, split( /:|\s+/, $ENV{TERMPATH} ) );
}
else
{
Thanks
Message body is not shown because sender requested not to inline it.