| Subject: | Zip.pm uses tainted variable |
lastModTime() returns a tainted value. The attached, crude patch fixes this.
Eg. amavis and spamassasin run with -T and broke after an upgrade to 1.03.
Cheers,
-erwin
--- lib/Archive/Zip.pm.orig Wed Sep 11 13:18:37 2002
+++ lib/Archive/Zip.pm Wed Sep 11 13:18:54 2002
@@ -1304,7 +1304,13 @@
sub lastModTime # Archive::Zip::Member
{
my $self = shift;
- return _dosToUnixTime( $self->lastModFileDateTime() );
+ my $lastMT = _dosToUnixTime( $self->lastModFileDateTime() );
+ if ($lastMT =~ /^(\d+)$/ ) {
+ $lastMT = $1;
+ } else {
+ die ("Bad timestamp");
+ }
+ return $lastMT;
}
sub setLastModFileDateTimeFromUnix # Archive::Zip::Member