Skip Menu |

This queue is for tickets about the Term-Cap CPAN distribution.

Report information
The Basics
Id: 132939
Status: open
Priority: 0/
Queue: Term-Cap
People
Owner: Nobody in particular
Requestors: davidnmfarrell [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Sat Jul 04 20:38:13 2020 davidnmfarrell [...] gmail.com - Ticket created
Subject: Split with capture risks parsing unintended file
Date: Sat, 4 Jul 2020 20:37:57 -0400
To: bug-Term-Cap [...] rt.cpan.org
From: David Farrell <davidnmfarrell [...] gmail.com>
Term::Cap version 1.17 The termcap_path subroutine uses split with a capture on the colon or space delimited files in $ENV{TERMPATH}. This includes the separator in the split output. These elements are usually removed by the last line of the subroutine: return grep { defined $_ && -f $_ } @termcap_path; However if a colon-delimited TERMPATH was provided and the file ":" exists, Term::Cap will attempt to parse it. This (low) risk can be avoided, and the code made more efficient by not using a capture in the split: diff --git a/cpan/Term-Cap/Cap.pm b/cpan/Term-Cap/Cap.pm index 12d8299a3a..12395815b2 100644 --- a/cpan/Term-Cap/Cap.pm +++ b/cpan/Term-Cap/Cap.pm @@ -91,7 +91,7 @@ sub termcap_path { # Add the users $TERMPATH - push( @termcap_path, split( /(:|\s+)/, $ENV{TERMPATH} ) ); + push( @termcap_path, split( /:|\s+/, $ENV{TERMPATH} ) ); } else { Thanks

Message body is not shown because sender requested not to inline it.

  Sun Jul 05 04:46:13 2020 jonathan.stowe [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #132939] Split with capture risks parsing unintended file
Date: Sun, 05 Jul 2020 09:46:01 +0100
To: bug-Term-Cap [...] rt.cpan.org
From: Jonathan Stowe <jonathan.stowe [...] gmail.com>
Hi, any chance that you could send this as a PR on github? https://github.com/jonathanstowe/Term-Cap I'm not really tracking RT much. /J\ On Sat, 2020-07-04 at 20:38 -0400, David Farrell via RT wrote: Show quoted text
> Sat Jul 04 20:38:13 2020: Request 132939 was acted upon. > Transaction: Ticket created by davidnmfarrell@gmail.com > Queue: Term-Cap > Subject: Split with capture risks parsing unintended file > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: davidnmfarrell@gmail.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=132939 > > > > Term::Cap version 1.17 > > The termcap_path subroutine uses split with a capture on the colon or > space > delimited files in $ENV{TERMPATH}. > This includes the separator in the split output. These elements are > usually > removed by the last line of the subroutine: > > return grep { defined $_ && -f $_ } @termcap_path; > > However if a colon-delimited TERMPATH was provided and the file ":" > exists, > Term::Cap will attempt to parse it. > > This (low) risk can be avoided, and the code made more efficient by > not > using a capture in the split: > > diff --git a/cpan/Term-Cap/Cap.pm b/cpan/Term-Cap/Cap.pm > index 12d8299a3a..12395815b2 100644 > --- a/cpan/Term-Cap/Cap.pm > +++ b/cpan/Term-Cap/Cap.pm > @@ -91,7 +91,7 @@ sub termcap_path > { > > # Add the users $TERMPATH > - push( @termcap_path, split( /(:|\s+)/, $ENV{TERMPATH} ) ); > + push( @termcap_path, split( /:|\s+/, $ENV{TERMPATH} ) ); > } > else > { > > Thanks >
  Sun Jul 05 04:46:14 2020 The RT System itself - Status changed from 'new' to 'open'
  Sun Jul 05 10:48:11 2020 davidnmfarrell [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #132939] Split with capture risks parsing unintended file
Date: Sun, 5 Jul 2020 10:47:49 -0400
To: bug-Term-Cap [...] rt.cpan.org
From: David Farrell <davidnmfarrell [...] gmail.com>
Sure thing - done. On Sun, 5 Jul 2020 at 04:46, Jonathan Stowe via RT <bug-Term-Cap@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=132939 > > > Hi, > any chance that you could send this as a PR on github? > https://github.com/jonathanstowe/Term-Cap I'm not really tracking RT > much. > > /J\ > On Sat, 2020-07-04 at 20:38 -0400, David Farrell via RT wrote:
> > Sat Jul 04 20:38:13 2020: Request 132939 was acted upon. > > Transaction: Ticket created by davidnmfarrell@gmail.com > > Queue: Term-Cap > > Subject: Split with capture risks parsing unintended file > > Broken in: (no value) > > Severity: (no value) > > Owner: Nobody > > Requestors: davidnmfarrell@gmail.com > > Status: new > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=132939 > > > > > > > Term::Cap version 1.17 > > > > The termcap_path subroutine uses split with a capture on the colon or > > space > > delimited files in $ENV{TERMPATH}. > > This includes the separator in the split output. These elements are > > usually > > removed by the last line of the subroutine: > > > > return grep { defined $_ && -f $_ } @termcap_path; > > > > However if a colon-delimited TERMPATH was provided and the file ":" > > exists, > > Term::Cap will attempt to parse it. > > > > This (low) risk can be avoided, and the code made more efficient by > > not > > using a capture in the split: > > > > diff --git a/cpan/Term-Cap/Cap.pm b/cpan/Term-Cap/Cap.pm > > index 12d8299a3a..12395815b2 100644 > > --- a/cpan/Term-Cap/Cap.pm > > +++ b/cpan/Term-Cap/Cap.pm > > @@ -91,7 +91,7 @@ sub termcap_path > > { > > > > # Add the users $TERMPATH > > - push( @termcap_path, split( /(:|\s+)/, $ENV{TERMPATH} ) ); > > + push( @termcap_path, split( /:|\s+/, $ENV{TERMPATH} ) ); > > } > > else > > { > > > > Thanks > >
> >